I use W2K firewall, a Linksys Firewall / DSL Router, AND installed ZoneAlarm. You would assume one would be enough, 2 would be great, and 3 would be insane, but I still get ZoneAlarm catching fools getting through the first two layers of defense.
I used to work at a digital security company, and the hackers there can get around these simple systems if they really worked at it. Basically they say using 2 similar firewalls is almost useless, you are limited to the weakest defense of the two.
I have NEVER had a hack on my computer, but I get plenty of subseven port sniffer requests per day that are stopped by my third defense (ZoneAlarm). These requests are from average hackers, and are easy to stop.
Best way to protect yourself is with active AND passive measures to shore up your computer's defense. Configure the firewall for all programs, stop all unneeded port traffic, make good passwords (don't save them to disk), eliminate unneeded user accounts, use encryption when given the option, and DEFINITELY use a virus scanner at all times. Then when all is said and done, try testing it to see if JoeAverageHacker can get in (programs that test this are simple to find, just look on google).
If you eliminate all the easy access points, you can forget the average hack. This will leave your system pretty well defended. If you still get hacked, then you either have a trojan, or a world-class hacker got in. If a world-class hacker wants to get in, not much you can do in reality. The harder it is to get in, the more fingerprints they leave, allowing you to catch them a little more easily.
For those computers on 24/7 connected to the internet via broadband, you should use 2 firewalls. A hardware firewall (like a linksys dsl router / firewall, AND one of the many firewall programs out there. The programs all serve the same purpose, basically the one you like is the one you should get. I would prefer the one with the most updates
Hope this helps... sorry it turned into a novel.