From the college student perspective-

When I fixed blaster and sasser, people asked me how they got them. I said it's because they didn't update windows. So I would turn on auto-update for their AV(if they had it) and windows. Problem is, I'm not willing to keep track of all the software they use to make sure its updated and configured to update. In this case, a firewall is necessary to protect what could possibly exploit unupdated software. I'm not going to tell them they need to pay 100 bucks for a hardware firewall when I can have them install a free software firewall and configure it to update itself and work in the background. If I worked for Best Buy, hell yeah I'd try and sell them some stuff. But people don't like spend money on things they don't understand. Besides, we can't have routers in our dorms because we are only supposed to have 1 box per student. The school doesn't offer any firewall beyond our rooms (otherwise we wouldn't have been effected by sasser). Software is the only option for me.

As for resources, I like to keep things running smooth, but I only notice a difference when I'm rendering. Most people don't render, but most people don't run 2.0+ ghz either.

btw-
Hardware firewalls get exploited too.