Realistically, being behind a hardware router (as is common on home installations these days) is going to give you at least the same level of protection as any "personal firewall" software. Unless you're still using a USB dial-on-demand ADSL adapter or similar, I really wouldn't bother; they're more trouble than they're worth.
ZoneAlarm isn't a firewall in the strictest sense, though it does a similar job. Where ZA is really strong is in monitoring outbound connections – i.e., it stops things dialling home or initiating downloads of other nasties.
Remove any third-party nonsense (because you -really- don't want multiple firewalls running), and switch on the Windows Firewall as Rio suggested.
Make sure Windows Update is running and installing the latest patches.
Apply common sense when using the Internet (e.g., if you get a pop-up you've never seen before saying your computer is infected, it's lying).
Get a decent antivirus (Microsoft Security Essentials is surprisingly good and free, or Kaspersky is about the best of the paid-for outings); again, you need to uninstall all but one AV or you'll have real problems.
Have a look at Threatfire – it's a heuristic anti-malware product that works well in tandem with MSE.