I would definitely suggest a two-way firewall. The XP firewall works well, but has no control over outbound connections. So should something undesirable load, it will usually phone home for the troops. At that point an outbound control firewall should give you the opportunity to prevent it phoning home.
Of course, prevention is better than cure. If you are using IE, harden it. Here's how:
-Secure your Internet Explorer
From within Internet Explorer click on the Tools menu and then click on Options.
* Click once on the Security tab
* Click once on the Internet icon so it becomes highlighted.
* Click once on the Custom Level button.
* Change the Download signed ActiveX controls to Prompt
* Change the Download unsigned ActiveX controls to Disable
* Change the Initialize and script ActiveX controls not marked as safe to Disable
* Change the Installation of desktop items to Prompt
* Change the Launching programs and files in an IFRAME to Prompt
* Change the Navigate sub-frames across different domains to Prompt
* When all these settings have been made, click on the OK button.
* If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK button to exit the Internet Properties page.
If you use Firefox, get the NoScript add-on. Some are also recommending the "RequestPolicy" add-on.
Consider using a hosts file to prevent known bad sites/domains from loading/connecting. You can get one here. (There are others. This one works for me. I use Hostsman, recommended and linked at that site, to manage it all.)
These are what you would refer to as security layers. Each area of vulnerability is patched, preferably with only one application. You would, for example, never try to install 2 firewalls, or 2 AVs. But hardening the browser and adding a hosts file are two very different things.
One of the most important things to do is to keep your software patched and up to date. Go to www.secunia.org and have a look at the software inspectors. The online scan should prompt you to install an ActiveX control (safe), or you can download and install the PSI, which will monitor most if not all installed software against a large database that is kept up to date. I find it useful.