Whereas one job of a personal firewall is to block potentially malicious inbound connections to your machine, another is to block potentially malicious outbound connections. For example, if some malware does find its way onto your system and then it attempts to "phone home" with whatever sensitive data it may have found, a good personal firewall should stop most outbound communications dead in their tracks until the end-user explicitly allows it (one problem with such conditional blocking is that end-users are rarely presented with enough information on which to base a decision).

An old theme with the personal firewall that Microsoft offered for Windows XP (Service Pack 2) is how it was pretty useless given the way it only offered inbound blocking. In fact, back when that firewall first came out, I pointed out how it was worse than having no firewall at all. With no firewall, at least you know you have no firewall. But, with a firewall that doesn't work, you're led into having a false sense of security.

So, while Microsoft's anemic firewalls are an old them, you'd think the problem would have been corrected in Microsoft's Windows Vista. According to CNET's Robert Vamosi, perhaps you should think again. Writes Vamosi:

In Windows Vista, Microsoft says its new Windows Firewall is now two-way, that it adds outbound protection, but a closer look reveals that this is more deceptive marketing spin. With Windows Vista what you get turns out to be a half-cocked firewall that's hardly worth the upgrade.