Within four minutes, the unprotected SP1 box was hacked via a buffer overrun in the Local Security Authority Subsystem Service (the same flaw used by the Sasser worm). Shortly thereafter, it was hit with the MS Blast exploit, as well as continued attempts using the Sasser flaw. Ten hours after the experiment began, the machine was screwed.
Please recommend hardware firewalls to friends and family who have home computers connected to high speed connections. I like Linksys firewalls, especially the WRT54G, but any hardware firewall should be sufficient.