Your defenses sound reasonably good.
Personally, I disagree with your decision to not use FireFox, but that is your choice. I have used both browsers, so I am somewhat experienced in this area. And while it is true that FF may not be quite as friendly "out of the box" (as IE), IMHO it wins "hands down" for features/friendliness (not to mention security) as soon as you add (and customize to your tastes) a few of the more popular/useful "extensions" (an option that IE doesn't have to anywhere near the degree that FF does). And there are even FF extensions that let you launch IE (for the current web site), if/when you run into one of the few (not standards compliant) web sites that is coded to only work in IE. So you needn't give up anything (including the ability to use IE when you want to), by using FF for most of your web browsing. But again, if you are just in love with IE, just keep in mind that you will be a little more exposed to exploits as a result (which means that your "other defenses" should be that much better).
One option I haven't heard anyone mention, is not running as the "Administrator" of the machine (and instead having a "normal user" account for regular usage, and only becoming an "admin" when needed for such activities as installing software). If you aren't an "admin", it is that much harder for a malicious web site to install something on your computer without your consent. Or if not being an admin normally is too restrictive (and it can be a PITA to constantly log in as an admin to do "maintenance"), consider getting "DropMyRights" (a free download) and then modify the shortcuts to your web browser (and other internet facing programs, such as your email) to use "DropMyRights" to run as a "normal user" (or even a "restricted" user), while otherwise continuing to be logged in as an "admin". It's not as secure as just running under the more limited account generally, but it is more secure than running everything with "admin" rights!
As others have already pointed out, an OK home/NAT router/firewall device is a good investment for the cost. Not only are they reasonably cheap (usually $30 - $200 depending upon features/quality/promotions/etc) for the extra real layer of protection they offer, but they also let you "share" your internet connection with multiple device in your home (for example, my home has multiple computers and hardware based VoIP/"Internet Phone" adapters hooked up to my DSL, and they can all run "at the same time").
And the higher quality routers can have other useful features as well. For example, the router (and router firmware) I'm using has QoS (so called "Quality of Service" controls). This allows me to choose which of my internet traffic is "first in line" if/when I'm asking for more internet than is available. One very useful thing I've done with this QoS, is put my VoIP adapter (my "internet phone") at the very front of the list of devices that get bandwidth (so instead of heavy "web surfing" causing my phone conversation to break up, which is what would normally happen, the QoS settings give my VoIP adapter all the bandwidth it needs to keep the conversations going and then gives my web surfing whatever bandwidth it left over)!
However, routers aren't a "cure all". A router can help prevent you from some types of internet attacks, but other types go right through a router (and are only stopped at the PC's themselves). For example, a router may help protect your computer against an internet worm trying to exploit some buffer overflow on some port of your computer. And that is real protection that you don't have without a hardware router/firewall. But OTOH a router will do nothing to prevent you from getting infected by say an email virus (and once infected, the router likely won't prevent your computer from being part of someone else's "botnet" either)!
And, as others have pointed out, broadband users are usually connected to the internet 24/7 (unless you turn off your internet modem, or unplug the cable). And this means that (unlike dial-up) you will be fighting off internet attacks constantly (not that dial-up users are "safe" by any means, just that BroadBand users are even more exposed). And you may be appalled to know just how many "attacks" are out there. As someone who has seen security logs for various firewalls (both at work, and at my home broadband), I can tell you that the number of attacks out there (for virtually all PC's on the internet) comes to several each and every hour
on a slow day!
So you have to be sure your "defenses" are constantly up, as one exploit getting through, can turn your PC into a remote-controlled computer "zombie" for the bad guys. Thankfully, decent defenses (especially when layered, which is why both a router and a software firewall are useful in combination), can usually stop most attacks "at the door". In fact, in most cases a BroadBand user taking some reasonable precautions to protect themselves, are actually more "secure" than the dial-up user that (falsely) assumes they are protected simply because they aren't connected all the time. So while protections are even more needed (with broadband), "the good news" is that proper protections are often effective (not always, but very often)!
BTW: One router function that most people don't use (and which not all routers/firewall's have) is the ability to log all traffic, both traffic that was blocked by the firewall and traffic that got through. Most people aren't bothered to worry about this. And unless you occasionally take a peek at those logs, it's pretty useless to make them. However, if your router/firewall lets you set this up (and that is one advanced feature I liked about my router), and you occasionally review those logs, you can learn a lot about what sort of internet traffic you have (including learning a lot about what sort of internet attacks your firewall protected you from)...
Oh, and anti-virus signatures often get "out of date" quickly, with the speed at which "the bad guys" are writing "malware". And "out of date" anti-virus info, can often mean that you aren't protected (or at least not protected as well as you may like) to some new threat out on the internet. But as a broadband user, you actually have an advantage in this area. That's because (unlike a slower dial-up user) you are almost always connected to the internet at high-speed. Which means that (unlike a dial-up user) it is practical for you to have your anti-virus set to update itself often (whenever your computer is turned on). In fact, I have my primary anti-virus program setup to check for new virus signatures every hour (not that the virus signatures are updated that frequently, just that I'll get the new signatures within a hour of them being released by the anti-virus company). As a result, my anti-virus defenses are almost always "up to date"!
