Originally posted here by Winston
If your system is properly locked down, i.e. serivces, patches, etc.

You simply don't need a firewall.

And, there is nothing wrong with ICF. If you put the effort into it, Windows with ICF is just as secure as any other OS with any other firewall.
I agree with that... if you are a server!

Desktop users require functionality... functionality and variety brings insecurity.

IE... Outlook... Winamp...

All have been exploited and can continue to be regardless if a firewall is in place or not. And then, what if the payload is a trojan? Firewall is sounding pretty good right about then.
A reverse bind shell will beat SP2, but I haven' t found a firewall I like yet that blocks outgoing connections without trying to get it's hands in everything.