> Can someone reassure me that Code Red and Nimda are only
> problems if you are running a web server?
If you are running IIs then you have a range of possible problems - the netcraft site lists around 10 common vulnerabilities with a surprising number of sites still open.
Given that new and nasty holes seem to be found quite regularly then unless you have a really good reason to run IIs (?), the best advice is to run Apache - and even then I would make sure you check for any patchs for that.
> and not if you just have a standard ADSL connection?
I have seen advise that even dial-up users probably should run a firewall such as ZoneAlarm. I don't but then I run Linux at home <g>
