The problem is that the default installation of MS OSes (like the Pro/Server versions of 2000/XP) comes with those services (HTTP/FTP/SMTP/???) turned on and running by default. The good news is that MS has recently indicatedthey would be locking these down by default.
Sure XP/2K might not be your typical home setup, but 95/98/ME had their own set of vunerabilities. The l33t k1dz will go for _any_ vunerability and the best way to cut out _most_ types of attacks is a firewall and ZA is an inexpensive solution.
Personally, I've gone the ZA & Linksys router combo and it works great.