I've used BlackIce as a software firewall for several years now on BT, NTL, AOL and Telewest Broadband.

It has had some questionable reviews in the past. However, I have found it to be very easy to use/configure and extremely effective. I also think it excellent value for money - especially if you buy the 2 year licence option.

My only criticism is that is appears not to fail 'closed' as any decent firewall should. I use Hibernate and occasionally it doesn't like being 'woken up'. I may be wrong in this but I always boot up with my Internet connection disabled so not an issue.

It has a very low overhead and has had little or no performance effect on any machine I have installed it on.

For sure, a hardware firewall is the best solution, and there are many products available now which do not require you to understand too much about port numbers and writing access lists, rules etc..

I also agree with the performance implications of NIS. A good, solid product but can severely affect boot up time and general performance.