I guess a firewall with outbound protection is a good idea; as you may know, Microsoft implemented outbound filtering in Vista's firewall, mostly because people complained about it. So far so good.
Problem: Most modern firewalls recycled the original notion of a "firewall". A firewall is, essentially, a program that does not let any program connect to the Internet unless you say so, and even then, the firewall limits the connection to the program and to a given port or range of them, all using a particular protocol. Some other firewalls work with IP addresses, but of course, this is nearly unusable at a user level, and only used at enterprise level, as pointed out by Liquidmantis below.
In contrast, firewalls like Comodo, ZoneAlarm, etc., work as a firewall and as an all-around security suite, implementing all kinds of mechanisms to detect and patrol aspects of the system that a normal firewall would never care about; some of them are even application-specific (for example, IE extensions, which I saw Online Armor analyzes), or totally unrelated to the Internet, like controlling startup entries.
The question is: Is all of this really necessary, or are security makers playing with our paranoia? It's accepted that an antivirus is somewhat useful, considering all of the things the Internet is up to these days, like malware using JavaScript code (I came across one of those; avast! took care of it), this worm that is still not controlled and uses cross-site scripting, or those popups that come up from nowhere and try to install "nice" software on the PC (adblocking to the rescue).
OK, based on this, one can say more protection is necessary: if the antivirus fails, you have the "firewall", but then, why do all security makers try to offer everything-in-one suites instead of selling you layers of it? A traditional firewall is useless in this situation; the thing you need is something to scan particular locations of the system, something you can do later with free and very light software. I've seen for quite some time how everyone tries and fails miserably to design a competent one; now it seems that MAYBE Eset finally came up with something worth having, but mostly because they opted for a light firewall, and they have a good antivirus that gets more things than the rest, all while being lightweight (again, it seems they borked the thing, judging from some opinions I've read).
Why not go for the opposite: selling applications separately and, if you wish, opting for a security suite, to make some people happy? Alwil Software seems to be going this way, which is something I applaud, and Eset, while not selling the firewall as a separate product, at least offers the antivirus, which is something other competitors are not doing, maybe because they don't even have that.
It's clear that, judging from the pace at which virus databases are growing (a-squared currently detects more than 1,000,000 million), proactive detection is needed, but at this cost? Do these applications guarantee me that if I go to a really nasty site, my computer will make it out of it? And then, why would I go to such a site in the first place? Would it not be better to use a sandbox to be "absolutely secure"? Probably, and a much better option.
So then, if I restrict myself to good sites, which virtually won't be attacked and plagued by unknown malware, where's the need for such security on my back? Even if you do heavy torrenting or frequent eMule, I think there's no possibility of an attack using the application unless you're using an old version. OK, maybe the file could be infected, but you do analyze it before using it.
That's why I'm wary of using "firewalls", though I stated several times before that I'd try this or that firewall (that, and lack of time for such testing). If you use good practices and a router, I would even go as far as to say that an antivirus is unnecessary, except for scanning what you download from the Internet, and provided you use some passive protection (adblocking, blacklisting, whatever). I use an antivirus because I prefer to do so, and it has saved my back a few times, complemented with a spyware scanner, mostly because it monitors autostart sections, and though I stated that good practices would make this unnecessary, it does not get in the way, and provides me information about what applications are doing, thus saving me from launching Autoruns to see if that installation did this or that.
The more I think about it, the more I'm convinced that modern security software is designed to protect us from ourselves rather than from the outside, watching everything in the computer and asking for our permission... wait, when you're doing something on the Internet, YOU decide if something should be done or not, so why do we have to answer the same question twice? And most times it's easier to check before jumping than to discern what the dialog is telling us (cryptic descriptions, unknown executables, etc.). For a newbie, such software is unusable, because they have no clue what the application is asking them; an expert or experienced user does know beforehand what to do with that link or that file, don't they?
The funny thing is that people who used to preach the usage of layers and layers of security, like Gizmo, are now taking the minimalistic approach, yet more and more security software makers continue to jump aboard with more complicated software, while things are not as bad as they used to be in the darker years (pre-SP2). Man, it used to be a jungle back then >_<
Maybe malware is rather more sophisticated than before, and uses other avenues to attack (it used to be vulnerabilities, now it's all about social engineering), but people are smarter, and malware writers seem more keen on spying on us, demanding money or making our computer "join the army" than destroying data, which is quite a relief.
Em, phew!
EDIT: Rephrasing and fact correction
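As an added illustration of the "nothing connects unless you say so, and then only that program, protocol and port" model the post describes (example code, not from the post or any vendor mentioned in it): the same policy expressed as Windows Firewall rules. It assumes the NetSecurity cmdlets of Windows 8 / Server 2012 and later and an elevated session; the program path, rule name and port are placeholders. On Vista and 7 the equivalent is the netsh advfirewall commands shown in the trailing comments.

```powershell
# Added example (not from the original post): per-program, per-port outbound filtering.
# Assumes Windows 8 / Server 2012+ (NetSecurity module) and an elevated PowerShell session.

# 1. Default-deny outbound on every profile: this is the "nothing connects unless you say so" part.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 2. Allow exactly one program, one protocol and one remote port.
#    $browser is an assumed placeholder path; adjust it to the real binary.
$browser = 'C:\Program Files\ExampleBrowser\browser.exe'
New-NetFirewallRule -DisplayName 'Allow ExampleBrowser HTTPS out' `
    -Direction Outbound -Action Allow `
    -Program $browser -Protocol TCP -RemotePort 443 `
    -Profile Domain,Private,Public

# 3. Review which programs are currently allowed out, so a rule silently added by an
#    installer (the "did that installation do this or that" question) does not go unnoticed.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Get-NetFirewallApplicationFilter |
    Select-Object -ExpandProperty Program -Unique

# Equivalent on Vista / 7 with netsh advfirewall (same placeholders):
# netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
# netsh advfirewall firewall add rule name="Allow ExampleBrowser HTTPS out" dir=out action=allow program="C:\Program Files\ExampleBrowser\browser.exe" protocol=TCP remoteport=443
```

Note the cost of step 1 that the post's "it gets in the way" complaint is really about: once outbound is default-deny, DNS, Windows Update and every other system service also stop until they get their own allow rules, which is why the review in step 3 matters and why a rule list tends to grow quickly on a desktop.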