Port scanners aren't necessarily a bad thing - it's well worth getting one and pointing it at your own computers, especially if you're on an always-on connection.
I installed one (nmap: http://www.insecure.org/) and it taught me a hell of a lot about what my system was offering the outside world. Once the shock subsided, I started learning how to turn everything off. Only thing open now is an ssh daemon. Hack that.
Yeah, I know it can be done. But Joe Script-Kiddie can't do it.
The problem, I think, is that while these things are relatively easy to fix, few people take the time to learn to do it. I was as guilty as any in that until I got spooked six months ago by discovering that someone was using a copy of sendmail running on my Linux box to forward spam. I didn't even know I was running it - RedHat had helpfully set that and a bunch of other stuff up by default. Did a bit of reading, got freaked out and started running a tighter setup.