It happens all the time … I'm talking to a group of students, and I find out one of them has a direct connection to the Internet via DSL or a cable modem. "You'd better get a firewall in place", I urge them. "Why?" they always respond. "To keep people out of your computer!" is my reply. Invariably, the student's response back to me is along the lines of, "Why should I care? I've got nothing special on my computer."
No offense, but that's pretty shortsighted.
Here's what can happen if your Windows machine (or ANY type of computer, for that matter … it's just that Windows is so vulnerable) gets hacked, in ascending order of trouble:
1. You get hacked. The bad guy looks at your stuff. Most people say, "No biggie". I disagree with that sentiment, but OK, fine. If you don't care about that, that's your decision.
2. You get hacked. The bad guy erases your hard drive. You get to reinstall everything. I don't know about you, but my time is worth more than having to reinstall Windows more than the once a year you need to reinstall it anyway just to keep in stable. If you've got lots of time on your hands, I guess it doesn't matter.
3. You get hacked. The bad guy installs a keyboard logger. He gets all your passwords, your credit card numbers, emails of your friends, etc. He can quickly make your life a living hell. This you want?
4. You get hacked. The bad guy installs Back Orifice or Sub7 on your PC. It is now a zombie, controlled remotely by the bad guy. Once a couple of 100 machines have been zombified, he sends the commmand one night to all of them to start attacking, oh, the Dept. of Defense's Web server. You get a visit from the FBI. Right now, I would not want to be getting a visit from the FBI regarding a matter of national security.
See what I mean? It's not just a matter of "not a big deal". It's a matter of what the hacker decides to do, how malicious they are, and how open you leave everything.
Bottom line—don't expose your computers directly to the Internet. That is a very bad idea. Get a firewall.