1. Get cheap/free computer with 2 network cards
2. Add [link|http://www.smoothwall.org/|smoothwall]
3. Profit!! (or, at least, a safe network).
Don't even bother trying to secure XP; it's a waste of time. The smart thing to do is firewall it properly.
Anything that runs on the box itself is basically crap because the Bad Guys have to get that connection to your machine in order for ZoneAlarm or whatever to do anything about it. This means that (a) if your Windows "Firewall" has a bug that causes it to crash on receipt of bad data you're (b) very very screwed.
Real security physically separates the unsafe connection (i.e. your ADSL router) from the safe network (i.e. your LAN; in this case, that's just lil ol' you).
Some people here will try to recommend Windows products. As I've noted above, they're pointless because the Bad Connection has already been made to your computer.
I use a Netgear RT314 gateway router to separate myself from the Internet; it's a stateful packet-inspecting firewall with a built-in 4-port 100MBPS switch. You can get these puppies on eBay for $20.
[link|http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3074639612&category=23778|http://cgi.ebay.com/...12&category=23778]
Get it bought.
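The separation the post describes (a two-NIC gateway with stateful filtering between the ADSL side and the LAN) looks like this as an nftables ruleset on a generic Linux box. This is an added example, not part of the original post and not Smoothwall's or the RT314's own configuration; the interface names `eth0`/`eth1` and the LAN range `192.168.1.0/24` are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example: dual-homed gateway, default-deny, stateful.
# Assumed names: eth0 faces the ADSL router, eth1 faces the LAN.
# Requires net.ipv4.ip_forward=1 on the gateway.
flush ruleset

define WAN = "eth0"
define LAN = "eth1"
define LAN_NET = 192.168.1.0/24

table inet gateway {
    # Traffic addressed to the gateway itself.
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept   # replies to the gateway's own traffic
        ct state invalid drop
        iifname "lo" accept
        iifname $LAN ip saddr $LAN_NET accept  # administration from the LAN only
        # Nothing arriving on $WAN is accepted: falls through to policy drop.
    }

    # Traffic passing through the gateway between the two cards.
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept   # replies to connections the LAN opened
        ct state invalid drop
        iifname $LAN oifname $WAN ip saddr $LAN_NET accept  # LAN may open connections out
        # New connections from $WAN toward the LAN match no rule and are dropped
        # here, so they never reach the desktop behind the gateway.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade                # LAN hosts share the WAN address
    }
}
```

Check the syntax with `nft -c -f <file>` before loading it; after loading, `nft list ruleset` shows the active rules.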