Computer security is in fact, for all machines connected to the Internet, a matter of degree. By that I mean that if you machine is responsible for processing credit card details for thousands of retailers you will need to spend in excess of $100k on security alone for each connection. If you are a single user using a 56k dial-up network via an ISP where your IP address is allocated dynamically, a software firewall and up-to-date anti virus programme will do just fine.
This does not mean that you will be “safe” you will be “safeish”
No professional “hacker” is going to bother to break into your machine as there are no immediate rewards for the hours spent. Trojan horses (most) can be blocked by just about all Firewalls. Viruses however are starting to become much cleverer that the software to detect them, I’ve even heard of some well known companies downloading (active new) viruses with their virus weekly updates as that’s now the best delivery system if you can crack their security.
As a general rule don’t store anything on any machine with any type of connection to any type of network, that you don’t want anyone else to see, use a stand-alone machine inside a Faraday cage.
Anything can be “hacked” given the time and resources.