AbigailII: Some ISP's will allow servers as long as they are non-business related (and don't draw too much traffic). As for firewalls, If you are on the internet, you should be behind a firewall. I have yet to meet someone (myself included) that can configure their OS to sufficently protect themselves and others against malicious behaviors so prevelant on the internet. If you can...are you available for consulting?

At one point I just had dialup, even with that type of connection, I received attacks. There are some attacks that use your machine to attack others. Do a search for Distributed Reflective Denial of Service attacks for some interesting reading. There are so many intrinsic service of Windows that can be used for attacks. That is why Microsoft has started including a personal Firewall in its operating systems.