The personal firewall doesn't solve the problem that those things can happen. It can however stop or report on the traffic coming from the person in question.
The personal firewall will be bypassable by custom tools if users can install what they like.

The personal firewall won't be on at all if the system is alternatively booted.

Points of high assurance will do a wonderful job at dealing with such attacks... and users should never, ever, ever, ever I repeat ever be allowed to install software at will.

Without a change control process... no point in securing anything... since you don't even know what you are securing.

cheers,

catch