Whatever Leythos was saying in resposne to you, is a good as lost, since your posts will vanish from archives, and we don't see the discussion in the future.
So, without quotinf from that discussion. I'll try to keep any discussion I have with you self-contained within my posts.
NAT Routers do block incoming. The Win XP Firewall does too.
They would have different vulnerabilities. The vulnerabilities of the Win XP FW - or any PFW / software firewalls - have been discussed. Many users have theirs taken down when they go to a website!
There's no doubt that NAT Routers block incoming, and they don't fool for the old website thing - website exploiting a commonly used browser you run, and running malicious code on your system!
Here's a technical question though.. Even if you're in a LUA account. Can't a site run some malicious code. The code is a bit more limited in what it can access(certain directories and registry parts are no-go areas), but still it can do quite a bit. (just as many programs can do what they need in a non- admin account)