A router does its job by shielding your computer from the internet. It physically disconnects your computer from the outside world.
You can, for the most part, get a similar effect by running a "personal firewall" like ZoneAlarm on your computer. These programs run on your computer as close to the network interface as possible and screen every bit of data going into or out of your computer to make sure it's legitimate. They do have drawbacks, however. They make your computer slower because they analyze every network packet. They can be annoying because they often ask questions many users won't know how to answer. But the biggest drawback is that, with just a personal firewall, anyone on the internet still has direct access to your computer. You hope that the firewall program will be sufficient to keep those people out, but it is running on your computer, and these people can still interface directly with your computer. They can probe your ports, poke your firewall to see if they can find any holes, etc.
When you install a router, people cannot interface directly with your computer because there is a literal physical disconnect. No one on the internet can directly interface with your computer *period*. They can only interface with the router itself. This simple fact means that installing a router is a huge boost to the security of your system.
There is one area where personal software firewalls do have a leg up on routers, though: personal firewalls inspect the data *leaving* your computer and can alert you if a program on your computer is trying to access the internet. Usually this is legitimate (Internet Explorer, for example, obviously will be sending internet requests), but sometimes you can have spyware or bots communicating with their masters or home servers without your knowledge. A personal firewall would catch this before they actually got any information out.
Of course, IMO, regular spyware and virus scans will catch the same programs, so it's not something I generally worry about.
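The outbound check described above, sketched as an added example (not code from the original article or from any firewall product): it reads per-connection records and reports programs sending data to the internet without being on an approved list. The log format, program names, addresses and allowlist are all constructed for illustration.

```python
import ipaddress

# Constructed sample: one record per connection a host firewall might observe.
# Fields: program, direction, remote address, remote port.
SAMPLE_LOG = """\
iexplore.exe OUT 203.0.113.10 443
winword.exe OUT 192.168.1.20 445
updater.exe OUT 198.51.100.7 8080
winword.exe OUT 198.51.100.7 80
unknown_svc.exe OUT 198.51.100.99 6667
scanner.exe IN 203.0.113.55 3389
"""

# Hypothetical allowlist: programs the user has approved for internet access.
ALLOWED = {"iexplore.exe", "updater.exe"}

# Loopback and RFC 1918 ranges: traffic to these never leaves the home network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(log):
    """Yield (program, direction, ip, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        program, direction, addr, port = parts
        try:
            yield (program.lower(), direction.upper(),
                   ipaddress.ip_address(addr), int(port))
        except ValueError:
            continue


def outbound_alerts(log, allowed=ALLOWED):
    """Return sorted (program, destination) pairs for unapproved internet-bound traffic."""
    alerts = set()
    for program, direction, ip, port in parse(log):
        if direction != "OUT":
            continue  # this check only covers data leaving the computer
        if any(ip in net for net in LOCAL_NETS):
            continue  # local or LAN destination, not the internet
        if program not in allowed:
            alerts.add((program, f"{ip}:{port}"))
    return sorted(alerts)


if __name__ == "__main__":
    for program, dest in outbound_alerts(SAMPLE_LOG):
        print(f"ALERT: {program} is sending data to {dest}")
```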
If you have a router installed, there is less need for a software firewall, but I recommend leaving the Windows Firewall enabled anyway.
You still need to perform regular virus and spyware scans, because spyware and viruses generally get installed through malicious web pages or direct user action, not through hacking from the internet.
I also suggest to people that they disable all of the "real time protection" aspects of their "protection" programs such as Norton Antivirus and Ad-Aware and so forth. These programs are of very limited use and *greatly* slow down systems. Norton's "real time scanner" scans every single file your computer accesses every single time you access it. Opening Word, for example, accesses hundreds of files on your hard drive, and Norton stops and scans every one. It can double application load times and make your hard drive thrash twice as much as normal.