I've heard mostly good about tiny, but I would test it yourself first. At least with shieldsup and leaktest (also from grc). The theory being that
Shields-Up (down until further notice btw ) tests at least a few of the incoming ports while
LeakTest checks for programs ability to reach the internet un-authorized.
We know that ZA
will ask for authorization for any given program that connects to the internet. With the recent attacks on GRC I'm tempted to take all my machines off the internet and portscan the livin' begeezus outta them locally to make sure they're not "tricking me into a false sense of security"... still haven't done so tho' mostly due to the fact that I don't know how nmap (free portscanner running under *nix) works.
I know there are alot of on-line security scanners like GRC (I've tested at least two-three including grc) but still I would feel more comfortable scanning all ports myself. At least subject tiny or whatever firewall you chose to install to a couple of these before you install it, that's my opinion.
As for your mom Robor, ZA at least isn't hard to operate as I'm sure you know... The dialog boxes are straight forward and easy to understand... basically after a few minutes use all programs that need to connect to the internet should've done so and she should be fine denying further requests to connect to the internet.
Hope I could shed at least a little light, or if I simply made the situation worse you have my apologies.
With love and respect your fellow TA member
Two-FaceMy stats:
RC5
OGR-25
Seti
Gamma Flux