If you run a default Windows instalation, no FTP server, no web server, no network - is a firewall necessary at all?

If the system will connect to the Internet.
Then the answer is YES

If it will not be connected to a local network and or the Internet.
Then the answer is No

firewall is built for security and protection of a computer on the network, or maybe with the Internet.

if your going solo with no local area network connection or LAN, firewall isnt needed.
if your going solo with no local area network or LAN, but with INTERNET connection FIREWALL is a must!

Internet of course is considered a network, a global network.

Right. I forgot about the Internet connection. Thanks.

Is the Windows XP SP2 firewall good enough for the average computer user with no more than the default installation and an Internet connection?

No. It permits all outgoing traffic.

Do the free versions of Zone Alarm or Sygate filter the outgoing traffic?

Yes, they do.

Are Zone Alarm or Sygate flawed in any way? I guess that I am asking "Which is beter?"

The only firewall that protects this little Windows network is the XP SP2 firewall. Should we have more? I think that I have heard that hardware firewalls are better than software? How does that work? Don't the hardware firewalls just need software to run them anyway?

Sygate and ZoneAlarm Free are both good software firewalls. I've used ZoneAlarm Free, ZoneAlarm Pro, Sygate, Kerio, and Norton. I prefer Sygate. ZA and Sygate will both protect/monitor incoming and outgoing traffic. Sygate is hassle free on installation, lean, and reasonably easy when it comes to configuring advanced rules (if you should need them).

A hardware firewall, such as using a router, provides an additional layer of protection. It uses resident software/firmware, can be configured with advanced rules, can also tell you information about certain types of attacks. If you are talking about a home network, it kind of "hides" your computers from the outside world. Your networked PCs have local IP addresses assigned via DCHP and the router. The rest of the world sees only the router's IP, which is assigned by the ISP.

It is best to have both, but you must have a software firewall at a minimum.

My current preference is Kerio... It is the leanest and has a simple mode that makes it easy to use... Sygate would be next and ZoneAlarm a distant third...

All of the firewalls are flawed in one way or another. ;)

Right now I reach for Zone Alarm first. Simply due to familiarity. Sygate is my second choice. With Kerio a distant third.

Jes, if you're running a network that is connected to the internet and you are using just the Windows firewall as protection, it might be worth while to give us the details of the network so that we can give you some suggestions. From what you describe, I think your network might be very vulnerable.

OK. What do you want to know?
There are five Windows computers (three XP Home, one XP Pro and one 98SE). There is Internet access to one of them that shares the access to all others via ICS.

I'm presumming you are on a dialup internet connection and the modem is in the first computer. No routers, switches or hubs.

In that case, I think you could get away with a good software firewall on the machine with the internet connection. It would be better to have one on each computer, though.

How about Trend Micro Internet Security, it has its own firewall, any comments?

Five Xp connected to a switch, one of them shares dialup Internet access through ICS.