If your Operating System has a security bug, no amount of firewalls or anti-virus programs will help you. Make sure you're keeping up to date. For Windows users, the process is mostly automatic or you can go to their update website here (but only when using Internet Explorer).
Since XP service pack 2, there is a security center where you can modify your automatic update settings. For people with fairly basic computer skills the best options is to leave the process entirely automatic. But for people who would like to review the updates before installing them (since sometimes Microsoft sneaks non-critical software updates into the security patches), try "Download but don't install" instead.
The reason is that Microsoft has a nasty habit of slipping non-system updates into the downloads. It's always better to preview the stuff that's about to download before you let it install on your machine. You'll be able to choose with checkboxes which updates to accept and which to reject.
One last thing, be sure to always download and install the most recent version of Internet Explorer. Even though I don't use it and I recommend you don't either, since it's part of the operating system, it's part of the system's security (or it's weakness if it's out of date). Keep it current!