To put it mildly the firewall that comes with Windows XP sucks! It is a pain in the rear to try and configure as you have to create entries for each port the programs are going to access. I have heard not so great things about Zone Alarm.
Thanks to a tip from a member over at Go Firefox!, I looked into and have been using Sygate Personal Firewall. What I love about Sygate is the simple interface and configuration. If an application is trying to connect to the Internet, Sygate will popup and and inform you that this application is attempting to access the Internet and will ask if you wish to allow. A simple ‘Yes’ or ‘No’ setup with the option to always use that choice.
In addition if an application has changed which is normal for updates, but also can happen due to viruses and Trojan Horses, Sygate will alert you the application has changed since the last time you accessed it. I go through this each time Firefox or Thunderbird has been updated. Sure it may be annoying to get the popup, but better to be safe and besides other Firewalls will just simply block the application without alerting you.
Sygate also alerts you to port scans (an open/unprotected port is an invitation for a Trojan Horse or worm) and can provide the IP address of the computer that attempted to scan your machine with the option of a back trace.