When Microsoft first released Windows XP it had a firewall (ICF), but it wasn't enabled by default. This changed with the release of SP2, where Windows Firewall and its one-way (inbound) filtering arrived on the scene.
This was an improvement, but the firewall was still unable to control traffic leaving your PC. Spyware pests, Trojans and bots have a field day when they manage to infect a system protected by XP's built-in firewall.
Microsoft has addressed many of these concerns with the new Windows Firewall included with Windows Vista, but it's not necessarily what the world has been looking for. Program-based control is imperative, but Vista won't alert you in any way when a program or process attempts to connect to the internet. In fact, the entire outbound filtering module is disabled by default.
You read that correctly. Windows Firewall in Vista includes the ability to filter outbound traffic by program, port and protocol, but it's not enabled by default. You need to dig into the settings of a new administrative tool called Windows Firewall with Advanced Security to create the rules required to control outbound traffic.
Novice to intermediate users will have a tough time getting rules right and we suspect many will look to third-party alternatives quickly.
That being said, Vista's firewall is a great option for experienced users who understand the rules and want a high level of control over what enters and leaves their PC. The firewall also supports different network profiles - domain, public, and private - to allow users to move a Vista laptop through work, public, and home networks seamlessly complete with proper rules.