Software firewall only scenario... suggestions?

I'm configuring a Win7 Home Premium desktop for a non-computer-savvy friend who desires no-cost protection for this machine which will be directly connected to their Comcast cable modem (which I'm told has no user-configurable firewall functionality). This "simplicity and low maintenance are key, no external FW protection" scenario is new to me. The Win7 machines I configured before were for myself, and even before I got into complicated firewall etc rules I took a hatchet to services.

They used Comcast's complimentary Norton Security Suite (similar to Norton 360 v5 I've read) before, so I'm going to take a look at that (dedicated test LAN to sniff what it's firewall allows out, to port scan it, etc). I wanted to ping you guys too though, if I may, since some of you may have been down this road recently and have a better feel for what suites this scenario. It seems to me that a software firewall with a strong "public network by default" ruleset would be advantageous. Your thoughts?

 

Windows FW plus the $160 comparative worth value of the Comcast deal.

When your friend needs support, the support staff will be in their comfort zone, because it is the standard/promoted setup. When he is not tech savy, make sure he/she gets a good image and data backup disaster plan.

http://xfinity.comcast.net/constantguard/Products/CGPS/norton/?cid=NET_33_641

 

Is the "no cost" preference negotiable? An inexpensive (<$40) router with NAT and other firewall features used along with a firewall on the PC would provide better protection than any software firewall alone.

 

@Kees1958: Yeah... some user familiarity + ISP familiarity + PC manufacturer familiarity (it shipped with NIS 2012) might prove helpful.

@Victek123: I'm going to encourage them to buy or scrounge something. I'm sure the new PC and backup media were an unwelcome expense, so I don't know how it will go.

 

You can get a basic router for about $25-30, or maybe even less if he buys refurbished. And then he can add more computers or a game console if he wants, or use wireless.

Let him know that once it's set up, you don't have to manage it. Maybe just update the firmware with a known stable version once a year, but other than that, put DD-WRT or OpenWRT on it (unless it comes with that like some of the Buffalo routers) and call it a day.

 

I must resist the urge to disable/block things.
I must resist the urge to disable/block things.
I must resist the urge to disable/block things.