XP's built-on firewall works fairly well for incoming traffic. Though it has no outbound protection, which renders you helpless to trojans or other programs accessing the internet that you might not want doing so.
I have tried the McAfee and Norton firewall suites; I found zone alarm to be the best of them all. It allows assignment of specific program access to the internet and can prompt you to deny access to any program at any time. Also it places your ports into an effective "stealth mode", hiding them from any incoming pings, etc. This all comes with the free version.
The PRO version offers the same level of protection, but offers many more customization options and a highly effect ad-blocker. ZA also blocks scripts it considers possibly malicious. One of these scripts happens to be eBay's java app for listing items; thus, I have to turn off ZA to effectively list an item. Browsing the web without it active is simply a totally unpleasant experience. It's astonishing as to how many pop-ups and floating ads there are now! ZA blocks, I'd say 90% of them. I only get an ocassional pop-up and never seen those in your face ads they're using now until I used the web w/o ZA. Even as I type now I notice that at the top of this page, where it says "THG Community", below it where an ad should be there is simply a blank white area since ZA blocked it.
Lastly, it offers privacy options that are far superior to internet explorer's cookie and privacy controls. As mentioned above, there is protection from code that is potentionaly malicious in email and websites.
Hands down the best firewall of the bunch. I don't feel safe without it, especially being on a broadband, always on connection and my frequent use of kazaa and other p2p networks.
Try a 30-day trial of PRO, <A HREF="http://download.com.com/redir?pid=10148660&merid=69168&mfgid=69168<ype=dl_dlnow&lop=link&edId=3&siteId=4&oId=3000-2092-10148660&ontId=2092&destUrl=%2F3001-2092-10148660.html" target="_new"> here.</A>