A hardware router set to forward no incoming requests will protect you 100% from worms and other nasties that propagate by scanning the internet for undefended or unpatched windows machines. But will not do anything for nasties that make outgoing connections after you do something that installs them, like reading email that is infected or opening one of those attachments that includes them or whatnot. For that you need a real firewall that limits outgoing connections as well as incoming ones. Those do work, but if you do much more than websurfing and email on your PC then they can be complicated to setup and maintain to keep the services you want running and the services you don't not.
I consider a hardware or other router separate from your PC a very good investment. They are not expensive and offer a very nice layer of protection between you and the internet. Once you turn it on, your computer gets an IP address from the router that is not available to the internet. So I cannot send random packets of information to your PC unless you specifically setup your router to forward them. If you just connect your PC to the internet without one then I can enter your IP address and send DOS attacks, worms, whatever to you and if your machine happens to be vulnerable to one then I've got you.
I am suspicious of software firewall solutions that run on the same machine, after all the evil packet still has to get into your computer before it can be trapped with software and so there is the possibility that it won't get trapped by the software, or that the software will malfunction or be configured incorrectly. ALso there is the fact that in order to intercept packets at a low level the software firewall has to patch, or completely replace the TCP/IP stack in windows. And so potentially there are all kinds of reliability issues there, not to mention that each upgrade to windows will certain require potentially major upgrades to the firewall software to keep working and if you get out of sync you've either got even worse windows reliability or no networking or at least no protection.
A multi-tiered approach is best. A hardware firewall/router and anti-virus/intrusion software on the PC in question. You still have to invest the time and energy to keep all parts of it up to date as well.
There was a really fun article out recently that gave the average survival time of an unpatched or protected windows machine once connected to the internet. The time to infection, even if you don't do anything at all, is down to as little as 15 minutes. So just turning your DSL modem off at night wont stop your machine from getting infected unless you also maintain the OS and the software you use to protect yourself. But if you're already infected and you turn it off then it will keep your zombied machine from being used all night in DOS attacks against other machines. But if thats the case you should be fixing your machine and not just denying the crackers a few hours of it's use every day. The sheer speed at which these machines are found and hacked means that a LOT of people fail to do even the minimum required maintenance to make windows safe to have on the internet.