You have to look in the application to find the tcp port number it uses. One place you could find the vnc port number is here: http://en.wikipedia.org/wiki/List_of...P_port_numbers
, although I run VNC on a non-standard port so the list wouldn't help me.
The windows firewall is quite good, and installing tightvnc doesn't create any security holes. Windows firewall has a feature that I don't think is in linux, you can allow incoming connections by program file name regardless of port. This is what TightVNC configures with it's installer, it tells the windows firewall to allow connections to tvnserver.exe. I find this reature handy since I regularly use different vnc port numbers and I don't have to diddle with firewall port settings when I change my vnc server from port 5902 to 5911.
You may want to get a little familiar with nmap to help you identify open ports on a system. Also http://www.grc.com
has an on-line scanner that will tell you what ports are open on the computer you use to visit their site. Plus there is a lot of generally useful information on that site.
When you have routers and external firewalls in your network you also need to understand port forwarding to allow connections from outside that device.