I'm configuring a Win7 Home Premium desktop for a non-computer-savvy friend who desires no-cost protection for this machine which will be directly connected to their Comcast cable modem (which I'm told has no user-configurable firewall functionality). This "simplicity and low maintenance are key, no external FW protection" scenario is new to me. The Win7 machines I configured before were for myself, and even before I got into complicated firewall etc rules I took a hatchet to services. They used Comcast's complimentary Norton Security Suite (similar to Norton 360 v5 I've read) before, so I'm going to take a look at that (dedicated test LAN to sniff what it's firewall allows out, to port scan it, etc). I wanted to ping you guys too though, if I may, since some of you may have been down this road recently and have a better feel for what suites this scenario. It seems to me that a software firewall with a strong "public network by default" ruleset would be advantageous. Your thoughts?