I recently got hit by a trojan (Kaspersky called it "Backdoor.Win32.rBot.Gen"). I saw this thing either take over my TFTP program (or install one of its own). It installed several programs on my HD to start up with Windows (XP Pro), like "IEXPLOREUP.EXE", and used them to transfer data out to the net, via TFTP. Exactly what it was transferring, I have no idea. I have since renamed Windows TFTP.EXE file, because I don't know why it is even there, if it can be exploited so easily by hackers. My security before this occurred was Kerio 2.1 as a firewall (always made sure I got 100% stealth ports on GRC's "ShieldsUp!" test), Kaspersky (always ensure my definitions are updated), and for good measure, GIANT AntiSpyware. I have TrojanGuard on the system, but only use it for scanning, to conserve resources.
Despite all these measures, some mofo still managed to circumvent my security. I don't know how, but all I know is at one point, my firewall and virus program stopped loading with Windows. I don't know if the trojan somehow disabled them, but I know I didn't take them out of startup. I just wasn't so quick to put them back and next thing you know... There was a point where I saw Kerio crash before my eyes, and then it just took itself out of memory and was no longer active. Never saw it do that before, and again, I don't know if the trojan was responsible for this.
Which leads me to my question: I have a hi-speed connection, and I'm thinking of leaving it on all the time (ease & convenience), rather than just starting it up whenever I do browsing. For this to happen, I would want to have bulletproof security to where I'm confident my firewall is not going to go south on me. I don't know yet whether SP2's Security Center will protect me from hackers trying to disable my firewall via trojans. What if I have a backup software firewall in place in case the first one gives out? Is it possible to achieve a level of software security to where a home user under XP Pro SP2 can be confident in leaving a hi-speed connection open without fear of hackers circumventing the security measures? In other words, WHAT AM I DOING WRONG HERE??!
Thanks for your opinions.