OK, your brain will be back online soon.
Then depending on your security needs you might consider the following 'solution':
Buy some NAT device. This is a router that is
(a) connected to your pc
(b) connected to your dialup/dsl/whatever line (you will need a router that supports your specific kind of i-net line)
Looks like this:
Code:
[font=Courier New]I-NET <---> NAT DEVICE <------------> YOUR PC
public public private private
net address address address[/font]
[font=Courier New] P A1 A2[/font]
Now in this setup your pc usually gets an RFC 1918 ip address. Packages destined for / coming from such an address will not be routed by internet routers (i.e. dropped). Therefore - and because no router on the internet will ever know your pc is assigned such an address - your pc initially cannot be reached by packages coming from the internet. Only your NAT router can be reached as it is assigned a public ip address whenever it connects to the internet.
Now to be able to use services offered on the internet from your pc the following takes place:
(a) Your NAT router, connected to the internet on one side (P) and connected to you pc on the other (A1), gets an address in the same RFC 1918 net as your pc.
(b) Your pc learns that the internet can be reached via your NAT router (A1).
(c) Your pc now doesn't try to reach internet servers directly anymore but sends all these packages to the nat router (A1).
(d) The nat router now exchanges the packages' sender address from the pc's private ip address (A2) to the nat device's public ip address (P) and then sends the package out to the internet. The package is now routable on the internet.
(e) The nat device remembers where which package, sent from your pc and destined for the internet, went.
(f) If there are replies to your pc's package it reverses the process of exchanging the sender address and now exchanges the destination address (P) of the package to your pc's private address (A2).
This is the process of network address translation (nat, masquerading).
This protects you from external attacks on your pc -
as long as you didn't try to establish connections to the internet from your pc. Once your pc sent packages out via your nat device it
can be reached from the outside, albeit on predefined ports from predefined sources. This is an Allow-All-Deny-Nothing security strategy from your computer's point of vies. A trojan that somehow got on your computer will have no trouble talking to the outside world. It will also have no problem making your pc accessible from the internet. Therefore this advice only protects you against worms and script kiddies scanning networks for vulnerable computers. The only thing they will ever see is your router with it's (hopefully) secure operating system.
Now if you want more network security you will have to employ a Deny-All-Allow-Some security policy. This means the nat device now blocks all traffic from the internet to your pc and vice versa. Then you will have to selectively allow communication for specific services. However this still is no complete protection against trojans as they might try to disguise themselves as requests for just these services. Then you'd need an inline intrusion detection system that is capacle of (a) detecting malicious traffic and (b) shutting off that traffic in realtime... I could go on for hours...
Well, let's solve your problem. I say:
(a) Get a nat device and put it between your pc and the internet. I cannot recommend any specific vendor, others hopefully chime in there.
(b) Never, ever do daily work on your computer (if it is running win nt, 2k, xp or vista) with administrative rights.
Configure a limited account instead.
(c)
This is worth reading and complying with.
(d) Be aware that you will not be 100% safe. Once a program has gained administrative rights on your machine, your machine is enemy territory. No software firewall or antivirus software can protect it then.
My suggestion only protects you from
(a) Worms and script kiddies scanning the internet.
(b) Malware that does not gain enough privileges on your computer to deactivate the antivirus software.
(c) malware that does not know how to circumvent a nat device.
It does not protect you from
(a) crackers who find exploitable security holes in your nat device's operating system.
(b) user mistakes - i.e. executing malware on your computer with administrative privileges.
(c) Unwanted transfer of data via allowed channels.
(d) malware capable of practically deactivating your pc's protection from the nat device.
(e) social engineering attacks.
Hope I don't get a tl;dr
