1) Complain long and loud to your ISP about allowing ports 13x to be propagated to/from the Internet. This is the source of most problems.
2) Hit the MS update site regularly. This worm would have had zero effect on anyone who had kept up on the patches for XP/2K.
I would say 99.9% of the firewall users have no idea how to properly configure a firewall. The brute force approach is to block all ports, including those that have nothing running on them. It yells to the Internet, "I HAVE A FIREWALL, TRY AND BREAK IN!"
People are too paranoid or lack the understanding of how networking operates.
First, there is absolutely no way any software can connect to your computer, unless the port is already opened on your computer. It is a networking impossibility for that to happen. Thus, if you must run a firewall, at least just block the ports that are opened on your computer. The NetBIOS 13x ports are the serious ones. Port 443 for XP/2K is the other port.
I do not like software firewalls for one big reason. They steal CPU cycles away from all other software. I do not like consumer/personal routers as they are not complete. They lack load balancing, they use a very slow CPU, they do not have a complete NAT solution (or are very limited due to lack of RAM) and they propagate NetBIOS ports (really stupid).
Of course, they have a firewall added to a CPU which is basically overloaded already (most have a 16 MHz CPU, and run a mini-version of Linux).
Anywho, I use a Linux box (Slackware) for all the work. A 233 MHz system with 32 MB of RAM and 2 nice Ethernet cards. Of course, I have 6 computers on my LAN, and a couple of networked printers as well. My router has been up for just about a year now, with no reboots and no problems. Anyone having problems with this type of setup simply did something wrong or did not understand how to set it up properly.
The nice thing about this is Linux will not propagate NetBIOS ports, even though I run Samba on it for a shared partition (does not propagate beyond my LAN). I have it handle all incoming email so it can toss any incoming attachments (always hated those things). I use it for my name server (more reliable than the ISP's is), and it handles my outbound email (masquerades so even my local IPs do not show up in the email header).
I have no firewalls or anti-virus programs running on any of my computers and have never gotten a virus on any of the systems.
Admittedly, this is not something everyone can do. It does take some knowledge and understanding of a lot of different aspects of networking, Linux, sendmail, Samba, BIND, fetch, TCP wrappers and so on.
But, if you already have a computer lying around, it is about as cheap a solution as you can get and works much better than the consumer routers will ever be able to do.
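
An added example, not part of the original post: a small audit of which TCP ports a Linux box like the router described above is actually listening on, flagging any of the "13x" ports bound to a non-loopback address. Assumptions: "13x" is read as TCP 135-139, the table is in `/proc/net/tcp` layout from a little-endian (x86) host, and the sample rows are constructed.

```python
import socket
import struct

# Assumption: the post's "13x" ports are read here as TCP 135-139.
WATCHED_PORTS = range(135, 140)
TCP_LISTEN = "0A"  # state code the kernel prints for a listening TCP socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:008B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0101A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0101A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0100007F:0087 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1005
"""


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port)."""
    hex_ip, hex_port = field.split(":")
    # On a little-endian host the IPv4 address is printed byte-reversed.
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listening_sockets(table_text):
    """Return (ip, port) for every row in LISTEN state, skipping the header."""
    found = []
    for line in table_text.splitlines()[1:]:
        cols = line.split()
        if len(cols) >= 4 and cols[3] == TCP_LISTEN:
            found.append(decode_endpoint(cols[1]))
    return found


def exposed_watched_ports(table_text):
    """Watched ports that listen on something other than loopback."""
    return sorted({port for ip, port in listening_sockets(table_text)
                   if port in WATCHED_PORTS and not ip.startswith("127.")})


if __name__ == "__main__":
    # To audit a live Linux host, pass open("/proc/net/tcp").read() instead.
    for ip, port in listening_sockets(SAMPLE):
        print(f"listening on {ip}:{port}")
    print("watched ports reachable off-host:", exposed_watched_ports(SAMPLE))
```
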