I think that, as in most things, the "appropriate" solution depends on your situation. For example, at work a host-based firewall would severely hamper various tools needed for day-to-day functioning; on the other hand, the network at my home has several computers, most of which are not mine, and therefore I don't entirely trust them to be secured and patched, thus I run a host-based firewall even though I also have a router with a firewall running. After all, how do I know that my friend's unpatched/unfirewalled machine won't get infected if something manages to get past the router's firewall, and thus establish itself within the "trusted" portion of the network?