In my business, I am getting fed up with Windows installing patches, Norton software slowing down everything, etc.

Thus I've decided to build a second PC and only use that for emails and internet and leave my main PC for work processing only. I'll remove Norton from this PC and install it on my email machine.

I've bought a KVM switch so I don't have to duplicate some hardware. The only problem I see is with sharing my HP 2600 LAN printer (and also data transfer between the computers). I'd assume that if I network the two together, then my main work PC will still always try to access the internet. So can this be disabled (and thus keep thus PC free from spyware, hackers, etc). Should I install a firewall card or what?

Currently the main work PC has XP on it, but when I go to this setup, I'll probably migrate to Vista (as I plan to do a clean HDD install and only install essential work related software).

Any advice is greatly appreciated.

You should be able to use the built-in firewall to block all ports (in and out) except 137. 138, 139 (both UDP and TCP should be open). You might want to have TCP 445 open as well.

At least, you can do that in Vista with the advanced firewall UI. I'm not sure offhand if you can do it with XP.

Or you can assign a IP adress to your working machine in the same range off the printer and Net PC but leave the gateway blanked out togheter with blank dns's and it will not require Firewall or AV... The SUBNET mask must be the same as in your network but im not sure about that...