Again....(as I've already stated above) unless your "router" has more than a 100MHz proc with 8 or 16MB of RAM it's "firewall" isn't much of a firewall. Running software tests like "can I be pinged" or....."which ports are open etc." are not really an indication of being "firewalled" by todays standards. A true firewall performs traffic checks based on ALG's and has a proc/mem that can actually properly perform SPI (for what it's worth). The reason for this is so that traffic can't "pretend" to be other traffic in order to fool your network devices.
For Example: So you can't be pinged, and every port is closed for unsolicited traffic.......big woop.......when you go out on port 80 (web traffic) to view something on the web what exactly is your network device doing to ensure that something else which isn't "web-traffic" (and therefore shouldn't use TCP port 80) isn't in fact using port 80 to come back into your system? That's right.....NOTHING. Unless you run a hardware device which is truly capable of using ALG's or performing SPI you are "trusting" that everything coming in on tcp 80 is in fact http traffic.
Also...."immunizing" your browser (which amounts to protecting certain registry keys from being edited) is something I'd rather trust to the system's local security policy and/or by not running/browsing from an ADMIN account. If you are already doing that then there is no need to give away the extra system over-head away to a third-party program.
Avast doesn't have the greatest record, but that nonwithstanding using/editing your system's "local security policy" is again a much better way of ensuring baddies that slip in can't fully function (and can then be cleaned out later with no issues), rather than again trusting some third-party program to not lapse and be your EDGE-protection.
Of course protection in layers is important. Please don't assume that running various different third-party software is doing that. Protection-in-layers means that while you might have some software installed to run scans etc. for "peace-of-mind" the ACTUAL protection of your system is trusted to running everything on your system from a LEAST-priviledge-needed mindset, properly understanding and configuring your built-in local security policy and if one can be afforded a true hardware firewall at the network EDGE.
Software isn't infallible.............however a security-centric mindset (including least-priviledge-thinking etc.) puts the odds more heavily in your favour.