The Windows XP firewall protects against port scanning but has limitations and it is no replacement for a robust 3rd-party two-way personal firewall.
1. The XP firewall is not a full-featured firewall. Normal firewalls allow you to specifically control each TCP and UDP port, but XP's firewall does not provide you with this capability. Instead, it takes a point-and-click approach to enabling or disabling a few common ports.
2. The XP firewall does a good job of monitoring, examining and blocking inbound traffic but makes no attempt to filter or block outbound traffic like most 3rd-party personal firewalls. Thus, the XP firewall does not identify which programs attempt to initiate outbound network or Internet communications nor does it block the traffic when suspicious activity occurs.
Outbound filtering can be helpful in preventing many types of malware attacks that may attempt to open ports or communicate with outside servers without the user's knowledge or consent. Its absence also means that if your system has been compromised, a hacker could use your machine as part of a distributed denial of service attack.
By default, Windows Firewall rejects all incoming traffic unless that traffic is in response to a previous outgoing request. If you're running Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default. If your firewall is not turned on by default, then you're using an unpatched OS and need to update your system to SP2.
If you choose to use a 3rd-party firewall, you need to disable the Windows firewall. Running multiple software firewalls on a single computer can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (your router) and a software firewall (Kerio or ZoneAlarm) in conjunction.
A hardware firewall is really a software firewall running on a dedicated piece of hardware or specialized device (router). It can provide a strong degree of protection from most forms of attacks coming from the outside. Hardware firewalls are easy to configure and they can protect every machine on a local network. A hardware firewall typically uses packet filtering to examine the header of a packet to determine its source and destination addresses. This information is compared to a set of predefined or user-created rules that determine whether the packet is allowed (forwarded) or denied (dropped) on particular ports. They tend to treat any kind of traffic traveling from the local network out to the Internet as safe which can be a security risk.
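The following is an added illustration, not code from the original article. It is a minimal Python model of the header-based filtering described above, combined with the "reject incoming unless it answers an outgoing request" default, in which outbound traffic is always treated as safe. The class, the rule format, the LAN range and the sample addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("192.168.1.0/24")  # assumed LAN range (constructed)

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class PacketFilter:
    """Header-only filter: inbound default-deny, outbound treated as safe."""

    def __init__(self, inbound_rules):
        # Each rule is (action, proto, destination port); first match wins.
        self.inbound_rules = list(inbound_rules)
        self.outgoing = set()  # flows opened from inside the LAN

    def decide(self, p):
        if ip_address(p.src) in LOCAL_NET:
            # Outbound: forwarded uninspected and remembered so replies pass.
            self.outgoing.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Inbound: accept only if it answers an earlier outgoing request.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.outgoing:
            return "allow"
        for action, proto, dport in self.inbound_rules:
            if (proto, dport) == (p.proto, p.dport):
                return action
        return "deny"  # unsolicited inbound traffic is dropped

def demo():
    fw = PacketFilter([("allow", "tcp", 80)])  # user-created rule: web server
    packets = [  # constructed sample traffic (documentation address ranges)
        Packet("tcp", "198.51.100.7", 40000, "192.168.1.20", 445),   # scan
        Packet("tcp", "198.51.100.7", 40001, "192.168.1.20", 80),    # rule hit
        Packet("tcp", "192.168.1.20", 1045, "203.0.113.10", 6667),   # outbound
        Packet("tcp", "203.0.113.10", 6667, "192.168.1.20", 1045),   # its reply
        Packet("tcp", "203.0.113.10", 6667, "192.168.1.20", 1046),   # no match
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The third packet is forwarded no matter which program on the machine sent it. That is the gap a two-way software firewall closes by tying outbound traffic to an approved application.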
With a software firewall you can specify which applications are allowed to communicate over the Internet from your computer. Programs that are not explicitly allowed to do so are either blocked or else the user is prompted for confirmation before the traffic is allowed to pass. Software firewalls generally offer the best measure of protection against Trojans and worms but they are harder to configure and must share resources with other running processes which can decrease system performance.
Norton Antivirus has a built-in firewall called Internet Worm Protection (IWP) for inbound traffic, similar to Windows Firewall, but it uses both "common rules" and secondary rules. If you have a program that receives data from the Internet, then by default, Internet Worm Protection blocks the incoming traffic unless you create a rule to allow the program. If you're using NAV, then read "Turning on or turning off Internet Worm Protection in Norton AntiVirus".
Norton Internet Security and Norton Personal Firewall come with more advanced firewall features. IWP will be disabled automatically, or turned off, if you install NIS or NPF.
Home PC Firewall Guide
Understanding and Using Firewalls