I wouldnt surf for a second with out a firewall.
The one that comes with XP will stop most incoming traffic, but it wont block out going traffic and lacks configuring tools.
I have used Zone Alarm for 3 years and love it but I have an old 233 box sitting here and when I get the time I will load it with SmoothWall and test it with a wireless network.
Both have free options.

Software is not a true firewall. Someone can always write a program around it. Get a router, they're cheap - down to about $30, which is less than software.

You can get a Linksys router/firewall for around 60 bucks. It's fast and you can do a bunch of tricks with it. Not bad for the money and very easy to operate (all HTML screens for operation).

You get a 4-port switch as a bonus.

If you don't need wireless, try the "BEFSR41 EtherFast Cable/DSL Router with 4-Port 10/00 Switch" that is available from various vendors.

Take the advice – in the previous posts -- and skip the software solutions. Get a hardware solution.

YMMV

Have router with firewall plus ZoneAlarm on machines. Not much gets through the router, some pings when connected to AOL through their program (always interesting to see what other folks are doing to your machine that you aren't aware of).

ZoneArlarm great for stuff coming from your machine, shows all active Internet apps. If you happen to see weird activity you can check it out, usually turns out to be auto Windows or Norton update, but nice to know. Also, why did Internet Explorer ask to act as a server yesterday? Haven't found out yet but was able to nix it.

hardware. I have a linksys router/switch/firewall and I've never been broken into.

ZoneAlarm - easy to use, very well known, loads of users and well supported (regular updates). Great for letting you control what programs are making outgoing connections to the net, which many other firewalls (including some hardware ones) don't let you do.

they're cheap - down to about $30, which is less than software.

Except that ZoneAlarm is free. :)

I got Trend PC-Cillin 2002 and its personal firewall with a new motherboard once, and as far as I'm concerned it's great. Blocks everything you want, easy to allow certain hosts, and unintrusive.

I use ZoneAlarm on my PC, which is connected to an old SparcStation IPX running NetBSD, which acts as a firewall and occasional file server (and has the 56K modem attached, of course). IMO ZoneAlarm /may/ be the best of the software firewalls, but a hardware firewall is better.

On DSL, you very much need a firewall, unless you want to wake up one morning and discover that your PC has become an MP3 server... or worse. :)

With the Linksys router you can share a dsl connection plus have the bonus firewall. It's recommended that you also have a software firewall.

The latest version of ZoneAlarm has cookie blocking, ad blocking functions that intrude into the surfing experience. IMO they're trying to do more than I need.

True, I can disable it, but I always get the feeling I may have disabled something I shouldn't have. Additionally, I've noticed that ZoneAlarm ADDS code to what you are looking at:

For instance, I previewed a page of mine in a ZoneAlarmed PC and was dismayed to find an extra "<" before the doctype. This caused a "<" to be displayed in the upper left corner of the browser. When I looked at the browser source code, I discovered the extra "<" in the browser source code.

The funny thing is, IT DIDN'T EXIST IN THE ORIGINAL SOURCE CODE. ZoneAlarm had added it. There was no other culprit, as there was nothing else standing in between the source code and the browser.

I restarted the computer and that peculiarity went away.

When I looked at the browser source code again, I noticed that ZoneAlarm had added some anti-pop-up code! And get this: I had disabled all the anti-pop-up options in zonealarm.

The one zonealarm pc in my house is the only one with the browser display anomalies. The other computers use the Sygate firewall: No hassles or problems on the Sygate firewalled computers.

If you are having weird browser problems, it may be ZoneAlarm. This is my experience, and I don't represent this as anything else.

At this time all I use is the Zone Alarm software program.
I mentioned SmoothWall in post #2 not because it was yet another software solution but because if you have an old box laying around and load Smoothwall on it you will have a router with the ability to configure extra fire wall protection.
It will wipe the hard drive and install a mini Linux OS set up to work as a router/firewall.
Throw in a couple of $10 10/100 cards or wireless and you are set. just add .org to the product name and check it out. Great way to recycle an old machine and protect your new one.

I run a Linksys Router/Firewall AND Zone Alarm.

The latest version of ZoneAlarm has cookie blocking, ad blocking functions that intrude into the surfing experience.

Only in ZoneAlarm Pro, the free version doesn't have these 'features'.

...for around 60 bucks... BEFSR41 EtherFast Cable/DSL Router with 4-Port 10/00 Switch

Was in Fry's Electronics in San Diego and saw a table of these sale priced at $30. I paid about $85 for mine 2 years ago. The wireless were down to $65.

I understand how routers prevent incoming attacks, but how do they control outgoing connections?

Do you have to authorise outgoing programs in the configuration? or do you just specify which ports can be used?

I'm pretty happy with my Sitecom 4S router/switch, ca. 70 euro, with a configurable firewall built in. Plus McAfee Guardian on the PC I use most. Never had any uninvited visitors, AFAIK.

Some of the people I work for use Norton Personal Firewall 2003, a popular package which nevertheless can cause problems. It sometimes adds code to webpages, and causes trouble with SSL connections. Search the web and you'll find plenty of cases.

Software can be broken, routers aren't firewalls.

Get a firewall, build a firewall, buy a firewall.

Anything that does Stateful Packet Inspection is a good start. If you want to have real security, lock it down. Deny outgoing connections on rogue ports etc.

I could go on for days.