The Windows Vista and Windows 7 firewall is perfectly fine by default. A lot of people tend to favour third-party firewalls because of outbound filtering, which always seems to be the driving force behind firewall decisions. They presume outbound filtering will stop a compromised system from communicating out.
Outbound filtering with regard to malware protection is completely redundant. Firstly, for outbound filtering to actually be of any use, your system has to already be infected, in which case you can't really trust that your system is doing what you want it to do. Secondly, if you are running as an administrator, malware will simply disable the firewall altogether. Thirdly, if you aren't running as an administrator, then the malware will simply hijack an existing connection of a process you have already granted access to. As Steve Riley would say, "Protection belongs on the asset you are trying to protect, not on the things you are trying to protect against."
Outbound filtering is only really useful for controlling things you know you do not want to permit. Windows Vista and Windows 7 already do this by default through Service Hardening, under which services filter out any unnecessary traffic. If you would like to restrict outbound traffic for applications, type "wf.msc" (without the quotes) into the Start menu search bar and you will then have access to the outbound rules.
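The same kind of outbound rule can also be created from an elevated command prompt with `netsh advfirewall`, which is available on both Windows Vista and Windows 7. This is an added example, not part of the original post; the program path and rule name are constructed placeholders.

```bat
@echo off
rem Added example: block outbound traffic for one application.
rem Run from an elevated (administrator) command prompt.

rem Constructed placeholder values; replace with the application to restrict.
set "PROGRAM=C:\Program Files\ExampleApp\example.exe"
set "RULE=Block outbound - ExampleApp"

rem Show the current policy for each profile.
rem The Windows default is BlockInbound,AllowOutbound.
netsh advfirewall show allprofiles firewallpolicy

rem Create the outbound block rule for the program on all profiles.
netsh advfirewall firewall add rule name="%RULE%" dir=out action=block program="%PROGRAM%" profile=any enable=yes
if errorlevel 1 (
    echo Failed to add the rule. Is this prompt elevated?
    exit /b 1
)

rem Confirm the rule exists; it also appears under Outbound Rules in wf.msc.
netsh advfirewall firewall show rule name="%RULE%" verbose

rem To remove the rule again:
rem netsh advfirewall firewall delete rule name="%RULE%"
```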
Below are a couple of articles and a video on the Windows Vista firewall, which also apply to Windows 7, along with discussion of outbound filtering.
Articles:
Exploring The Windows Firewall - (Steve Riley)
Managing the Windows Vista Firewall - (Jesper M. Johansson)
Deconstructing Common Security Myths - (Jesper Johansson and Steve Riley)
Videos:
Windows Vista Firewall and IPSec Enhancements - (Steve Riley)