Now, y'see, this is an interesting quandary because I agree with both of you to a certain extent.
Mixture is right that it's dangerous to state that using no firewall or AV you'll be safe behind a NAT-only router browsing places like the Beeb. The reason behind this is that NAT opens a bunch of ports, down which a bunch of hijacked traffic can travel, and if you're not doing anything about sanitising that traffic or even checking your PC once it's arrived on it, then there's no hope for you really.
However, IO540 is also right to a certain extent by saying that you needn't go overboard with your defences. This is because the workload of keeping them all up-to-date and reliable would outweigh the workload saved by not having half of them.
Personally, I would go, as I have shown, with the golden rule of:
1) A SINGLE antivirus ONLY package (none of these all-in-one-AV-plus-firewall packages)
2) A NAT/SPF router
3) Malwarebytes pre-loaded
4) Windows Firewall
The reasons are (and the numbers correspond to above)
1) You should NEVER run more than one AV package with realtime protection at any one time (because they find each other and fight....slowing your computer down to a crawl and breaking it). You should never run a software firewall unless you know EXACTLY what you're doing with regard to blocking and unblocking certain types of traffic (and to this extent those who DO know how to run a software firewall should in no circumstances suggest that those who don't should).
2) NAT might not be 100% safe, but it's 10000000% safer than a modem, and is probably the reason why the internet still actually operates rather than having ground to a halt with all the numpties and their kids running infected computers behind modems. An SPF firewall in hardware is going to affect your computer MUCH less than a software firewall, and it means your computer isn't useless when you pick it up and use it in someone else's network (but of course you should be careful before connecting to theirs willy-nilly).
3) Malwarebytes Anti-Malware is STILL one of the very few pieces of software that I can instruct someone with a highly-infected PC to use to clean it themselves. However, the viruses ARE getting worse, and one day it'll be useless.
4) Windows Firewall is great. It's very unintrusive, and most importantly it's very hard to accidentally cock up the settings. The later versions in Windows Vista/7 DO provide outbound rules, and even better it's centrally controllable via GPO when in a business setting. Any other software firewall is likely to be none of these things, and as i've said on countless previous occasions, a badly-configured firewall is worse than no firewall at all.
So, why MS Security Essentials I hear you cry? Well, I'm persuadable for you to change that requirement to any of AVG/Avira/Avast/Kaspersky/F-Secure. However, if you pay for your package you need to understand that the virus definitions are likely to have been gleaned from others who will have paid for their package....and given that the FAR greater number of people who DON'T pay for their package are the ones who will be providing the free AV vendors their definitions, you can see why it would be better (and cheaper) to go free. Oh, and any of the other vendors of AV software out there had better seriously beef up their offerings if they want to be taken seriously. The likes of Trend/McAfee/Norton get immediately uninstalled from any PC I deal with, and that's unlikely to change at present.
oh, p.s. - yes I have seen insecure PCs behind NAT become part of a botnet, and the effects on traffic are horrendous. I would add one other item to the list above, and that's to educate yourself on the workings of viruses, and how to spot them or how to have a sneaking feeling you might have been infected. THAT would lower the infection rates!