I did a test about 6 months ago. almost a honeypot, but not quite.
put a standard windows ME system on a RW IP
put a $60 cable router in front of a similiar system.
the ME was compromised and made into a Bot in 3 hours.
The $60 router protected one was not compromised in the
2 weeks it was used.
Both had AV and were updated daily via automation.
Ok I've not done this but I wasnt aware vanilla installs that are patched had
such glaring holes? My first thought is surely a default install has no open
ports other than netbios and I assume all file sharing is disabled? No?