Zone alarm is good, but tone down the language BRL - you sound like the Daily Mail

Zone alarm is not picking up people trying to 'hack into your pc' - what it is picking up are port scans aimed at a range of IP addresses, one of which corresponds to your computer. Roughly equivalent to ringing a range of phone numbers and seeing if someone answers - or if the line is engaged, or the number is unobtainable.

Any answer indicates a computer is present at that IP address, and that address may be logged for further investigation. All that Zone Alarm is telling you is that someone tried to port scan you - and it may not spot them all, because there are a number of port scans that intentionally mangle the TCP packets to make a scan harder to spot. I'd almost say that anything that a home firewall does detect doesn't represent a serious attack, just a kiddie playing with nmap, because anyone knowledgeable will be more careful.

Most commonly these scans are looking for active ports used by trojans - SubSeven being the one that my firewall is picking up most at the moment. This is software that you have installed yourself, thinking that it was something else. Remember that 'Brittney Spears Screensaver' e-mail that didn't seem to do anything when you ran it... Some of these trojans do allow access to your PC - they are not nice. However, that's as sophisticated as most of these 'hacks' are. No active port on your PC, no further interest.

Assuming for a moment that the scan is the precursor to a real hack attempt, rather than some kiddie playing with SubSeven, then anyone interested in your computer will then start scanning every port on your computer. Your firewall should go ape at this point - assuming that it is smarter than the hacker, which for a home user may not be true. They will be looking for ports opened by clasically-hackable servers like netbios, telnet, ftp, http and the like, which can - with some skill - be hacked through. However, very few home users should be running these services - for example, try typing 'telnet 127.0.0.1' in a dos prompt. Try ftp. Unless you're running something like NT server, then they are only there if you've set them up yourself. In that case you should know the risks...

Most common reason to hack a DSL'd home user at the moment is not to put dodgy pictures on your hard disk, but to install a program that, when activated remotely, will blast TCP crap at a given address (However, like the remote-access code installed by SubSeven et al., this is more easily done via trojan, rather than directly). One computer doing this isn't significant, but get hundreds and you have the makings of a Distributed Denial-of-Service (DDoS) attack - take a look at grc.com for more on this game.

To finish this essay , the best protection is just to make things difficult - because most people do not do this. Why take time and effort to hack Mr. BRL's ZoneAlarmed PC, when Joe Sixpack on the next IP address is wide open and leaking netbios information to the world...?