Alerter and Messenger Services Disabled
In previous versions of Windows, the Messenger service is set to start automatically and the Alerter service is set to manual start. In Service Pack 2 for Windows XP, both of these services are set to Disabled. If you want to use these services, you have to go in and turn them on yourself.
Ports blocked
If you run into problems with this, here is how to fix it:
At the command prompt, type netsh firewall set portopening TCP 445 ENABLE and then press ENTER.
Here are some other blocked ports; 445 is the only one that you might want to open. These are used in file and printer sharing.
UDP port 137
UDP port 138
TCP port 139
Boot time security
In earlier versions of Windows, there was a window of time between when the network stack was running and when Windows Firewall provided protection. During that window, a packet could be received and delivered to a service without Windows Firewall filtering it, potentially exposing the computer to vulnerabilities. This was because the firewall driver did not start filtering until the firewall service was loaded and had applied the appropriate policy.
Memory Protection:
The last part of security is memory protection. Several services such as DCOM and RPC have been updated to help prevent buffer-overrun attacks.
The greatest memory protection feature is going to take a while for most users to be able to benefit from. From the MS doc:
Execution protection (also known as NX, or no execute) marks all memory locations in a process as non-executable unless the location explicitly contains executable code. There is a class of attacks that attempt to insert and execute code from non-executable memory locations. Execution protection mitigates this by intercepting these attempts and raising an exception.
Both Intel and Advanced Micro Devices (AMD) have shipped Windows-compatible architectures for execution protection. Windows supports execution protection on the AMD64 platform and Intel Itanium Processor Family (IPF) processors.
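To make the "non-executable unless the location explicitly contains executable code" rule concrete, the added example below (not from the Microsoft document or the original page) reports whether the pages holding stack data, heap data and program code carry the execute permission. The helper name page_is_executable is hypothetical, and the non-Windows branch assumes a Linux /proc filesystem so the check can also be tried off Windows.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Returns 1 if the page containing p is marked executable, 0 if it is not,
   -1 if the page could not be looked up. This reads the page's flag only;
   the flag is enforced only on processors with execution protection. */
#ifdef _WIN32
#include <windows.h>
int page_is_executable(const void *p) {
    MEMORY_BASIC_INFORMATION mbi;
    if (VirtualQuery(p, &mbi, sizeof mbi) == 0) return -1;
    return (mbi.Protect & (PAGE_EXECUTE | PAGE_EXECUTE_READ |
            PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) != 0;
}
#else
/* Assumption: Linux, where /proc/self/maps lists "start-end perms ..." */
int page_is_executable(const void *p) {
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    int result = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            (uintptr_t)p >= lo && (uintptr_t)p < hi) {
            result = (perms[2] == 'x');   /* perms looks like "r-xp" */
            break;
        }
    }
    fclose(f);
    return result;
}
#endif

int main(void) {
    int on_stack = 0;                          /* data on the stack */
    int *on_heap = malloc(sizeof *on_heap);    /* data on the heap  */
    if (on_heap == NULL) return 1;
    printf("stack data executable: %d\n", page_is_executable(&on_stack));
    printf("heap data executable:  %d\n", page_is_executable(on_heap));
    printf("program code executable: %d\n",
           page_is_executable((const void *)(uintptr_t)&page_is_executable));
    free(on_heap);
    return 0;
}
```

Data pages reporting 0 and the code page reporting 1 is the layout execution protection relies on: an attempt to run instructions from the stack or heap pages is what raises the exception described above.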