Shields Up
Kevin Curran, Lecturer in Computer Science

Are you really in any danger?
The Internet is full of great information and many useful resources. But it also contains things that crawl around in the dark and go bump in the night. I think you'll be as surprised as I was to learn how much of that is really happening today.


Beyond Lie Monsters

Yes, there can be no question that you're in danger:

If your computers are only connected to the Internet briefly, when you're browsing the web or retrieving and sending eMail, your connection exposure will be minimal. But if you are one of the millions of people who are discovering the amazing power and convenience of a persistent connection to the Net — through a cable modem or DSL line — and if you leave any of your computers on and connected for hours at a time, then your exposure is substantially greater.

"But the Internet is a BIG place. What's the chance, really,
that my little computer would even get noticed?"

That's a very good and reasonable question, but the answer might frighten you as it frightened me. Here's the crux of it:

There are MANY FREELY AVAILABLE "scanners" being run by bad
people who are sweeping the Internet looking SPECIFICALLY for
computers running Windows File and Printer Sharing! And if those
shares are password protected and sufficiently interesting, any
freely available password cracker will silently pound on your
password until your defenses have been penetrated!
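To check whether one of your own machines is offering File and Printer Sharing to the network in the first place, look at its listening sockets. The following is an added example, not part of the original page: it parses Windows "netstat -an" output and reports listeners on the NetBIOS and SMB ports (137-139 and 445). The sample output is constructed, 198.51.100.7 stands in for a public address handed out by a cable or DSL provider, and all function names are this example's own.

```python
import ipaddress

# Ports used by Windows File and Printer Sharing (NetBIOS over TCP/IP, SMB).
SHARING_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 445)}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of Windows "netstat -an" output, not from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.9:443        ESTABLISHED
  TCP    198.51.100.7:139       0.0.0.0:0              LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    198.51.100.7:137       *:*
"""

def exposure(addr):
    """Classify which networks can reach a socket bound to addr (IPv4-centric)."""
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:          # 0.0.0.0 or [::]: bound to every interface
        return "all-interfaces"
    if ip.is_link_local or (ip.version == 4 and any(ip in n for n in RFC1918)):
        return "lan"
    return "public"

def find_sharing_listeners(netstat_text):
    """Return (proto, port, address, exposure) for each sharing-port listener."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                # header or unrelated line
        proto, (addr, _, port) = fields[0], fields[1].rpartition(":")
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue                # only listeners accept new connections
        if not port.isdigit() or (proto, int(port)) not in SHARING_PORTS:
            continue                # not a File and Printer Sharing port
        findings.append((proto, int(port), addr, exposure(addr)))
    return findings

def internet_facing(findings):
    """Listeners bound to a public address or to every interface."""
    return [f for f in findings if f[3] in ("public", "all-interfaces")]
```

Anything internet_facing() returns for a directly connected machine is what the scanners described here would find; unbinding File and Printer Sharing from that interface or blocking those ports at a firewall removes it.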



Scanners?


Oh yes. Many Internet scanners specifically seek out and locate Windows file and printer shares (see samples below), whether they are protected by passwords or not! Malicious computer vandals leave these scanners running night and day collecting IP addresses — one of them might be yours! — then they "map" that drive's shares onto their local drive letters to gain total access to your computer's files!

The power of these tools is a matter of great pride for the true hackers on the Net. By "true hackers" I mean people who are more interested in what they can do than in what they can do to you. This is why I'm careful here to call people who break into your computer "intruders", "crackers" or "vandals" rather than "hackers." Hackers don't necessarily "do bad" with their tools and knowledge. They pursue "hacking knowledge" for its own sake.

To give you a feeling for what goes on out there in the nether regions of the Internet, here is a boast made by the author of the powerful "Asmodeus" scanner:

"Right now, Asmodeus is capable of scanning ranges of TCP ports on subnets. At the time I originally wrote the socket engine, it was the fastest scanner on the Net. Since that time, a few other scanners have been released which are pretty darned fast. Most of these are commercial and very expensive at that. Asmodeus can keep up. I have scanned entire class C's in less than a minute. You can scan some small countries in one night ;) I believe Asmodeus can stream along at a modest 30,000 sockets per minute under optimum conditions. All of the data that is gleaned from the scan is passed through a user-supplied script. This script allows you to define what security holes will be checked for. Also, you can trigger events based on what you find. If you REALLY want to hear a wave file play every time you find an IMAP service running, go crazy. You can spawn external processes, or other scripts."
Greg Hoglund

As you can see, it's more about the technology than about the damage that can be done. Greg, for example, is much more interested in how many countries he can scan than in their individual computers. (If you haven't clicked on either of those links right above you might get a kick out of reading something else Greg wrote.)

The manifestation of The Internet has created
a huge intellectual playground for people with
a passionate love of computers and computing.

Unfortunately, the technology generated by the really top-notch hackers is made freely available to anyone on the Net. This technology is picked up by much less accomplished vandals or "crackers" (often referred to by the disparaging term "Script Kiddies") who take those powerful tools and apply them to much less intellectual, nefarious ends.

Two typical NetBIOS shares scanners



Task

Visit the Gibson Research Communications security site. Visit and read everything on Shields Up, the free software at the site. Then create a varied list of computers within the region (e.g. university, shops, council offices, schools, homes, supermarkets, etc.). Phone or write to the people in charge. Tell them that you can perform a 'quick' test on their machine using the Internet (Shields Up software) and that you will tell them whether or not their computer is secure. I can give you a letter. Then you write up (some months later) your results. Hopefully you will have a diverse set of results letting us know who runs secure machines and who doesn't.