Not much point opening ports on a disabled firewall, I wouldn't think. The thing to do is shut down the firewall and any scanning/blocking software and try the Windows Update site. If it works fine with the security and privacy stuff shut off, you know the problem lies there. If it still doesn't work, the problem is elsewhere. Naturally, before doiing anything else, enable everything again before leaving Windows update or doing anything else with your machine. If it works with the stuff shut off, enable one privacy/security app and see what happens the next time you visit Windows Update. Continue enabling stuff untill you find the problem. I'm gonna guess, at this point, that if it is a resident software issue, its the firewall. The configuration settings for many (but not all) firewalls have a "Trusted Sites" provision; add Windows update to that, and you're set - if the problem turns out to have been the firewall. Of course, ad blockers, pop-up stoppers, and even some antivirus applications can interfere with downloads.
And, as mentioned in the link I provided earlier, even an imprperly installed update or service Pack can interfere with future update downloads. Read the articles linked to in that post for more info.
If you're using Windows XP Service Pack 2, and relying on Windows Firewall (better than no firewall at all), have a look at
Manually Configuring Windows Firewall in Windows XP Service Pack 2
Oh, and if its of interest, Windows Update uses Port 80, same as your browser (its a web page, after all), and Port 443 (for SSL).
Of course, all this is just my opinion - anyone is welcome to take it as they wish; I'm certainly not The God of Computers :wink: