That's one very good feature in ZoneAlarm...blocking outgoing connections. If you get a piece of scumware you can stop it from calling home.

Except for the aforementioned thousands of independently owned and operated (often by those with very little knowledge of computer security) computers, yes.

NAT provides some protection against intrusion, but you probably can use a real firewall. Esp if you have more than one computer in your internal network and you want to do things such as port forwarding.

That's usually less secure than a wired network.

Which is why I have a firewall.

This is a pretty well-known deficiency with the Windows firewall. I wasn't sure it if had changed in the year or so that since briefly used the Windows firewall, so like I said, I tested it a couple hours ago. It didn't prompt me to allow any programs, even ones that I knew it wouldn't automatically allow.

The reason I always suggest a little home NAT router to people looking for easy "internet" security is that the NAT features will stop unsolicited internet packages entirely. I just wanted to explain that to complete my recommendation. I suspect many people here already knew that. But I had the fun just the other day of connecting a Linux box (that was going to later act as a firewall) directly to the internet, and firing up a packet capturing tool (Ethereal/Wire Shark). I had forgotten how much crap was out there. And all of that crap is stopped by a little $25 commodity router.

Also, I can vividly remember the MSBlaster breakout, and watching my friends' computers bang on my PC, which had Zone Alarm installed. I didn't get infected, and they were actually angry at me. Funny stuff. I should also mention that I already had the patch for that particular flaw installed by the time the worm came out. Again, "PEBKAC," to a certain degree, allowed that whole mess.