to test whether the windows firewall is doing it's job, go here https://www.grc.com/x/ne.dll?bh0bkyd2 this is a site designed to test your firewall called shields up. disable your outpost one and then enable the windows firewall and run the tests, then turn windows firewall off and re enable outpost and run it again to compare the two. I use the windows firewall on this laptop and ran shields up and got a perfect score so i don't use any other firewall, But on my desktop i run AVG 2011 internet security and it's own firewall which also got a perfect score. Good luck mate

I just use the W7 firewall, way back in the day I used Zone Alarm. The W7 fire wall can be modified and allow program through firewall. I use  Micro$oft Security Essentials (MSE) as my AV, I also use Maleware Bytes, Super Anti Spyware and Spyware Blaster.

FYI 

There is an "advanced view" to the windows firewall.  If you're all about having more granular control........that view should blow your mind.  

YES, the firewall included with Win7 is very good at doing it's job.  Not necessary in the least to give away more transport-overhead just to "think" or "feel" safer.

Some might disagree with me (feel free) however my opinion has been formulated by years of in-depth networking knowledge and not on sales pitches or user reviews.  I'd be willing to bet those same people who might disagree would also be the ones deriding Microsoft's ISA/TMG (threat management gateway) in favour of say a Cisco-PIX or whatever hardware appliance......there they would also be wrong.....but whatever.....I know what I know. 

EDIT:

Also, just using an EDGE firewall (ie. router) is the old '80s "eggshell" mentality toward security.  These days a granular and multi-tiered approach is necessary not just recommended.  Besides, the firewalls on routers that have maybe a 100MHz proc with 16MB of RAM CANNOT possibly inspect each and every data-packet and or verify each and every connection.  Just browsing to one single website can open multiple connections to and from your system.  Unless you're running a network-EDGE hardware device that has cost you at least $500.00 the firewall on your router is not much more than "marketing". 

FYI, "shields-up" saying you're "stealthed" is very much to be taken with a grain of salt and a whole pound of real networking understanding.......just sayin...

It's not quite as simple as that kryo.  Although basic NAT should reject all unsolicited traffic, what level of NAT-endpoint filtering (filtering applied to incoming connection requests on active ports) is applied from router to router is not the same and in many cases not even evident.  This is important because its once connections have been initiated that most "badies" sneak into a network.  For example SOHO routers that do allow one to configure the level of NAT-filtering are the D-Link GamerLounge routers probably because changing NAT-filtering settings might be important for gamers/hosting etc.

Ex.

For example on my son's gaming-router there are 3 settings for NAT-endpoint handling for both TCP and UDP traffic (each can be set independently of the other).  The following is taken directly from the router's help file:

1.  Endpoint Independent

2.  Address Restricted

3.  Port and Address Restricted

This is why having basic but good (ie. Windows Firewall) software rules also present on any system residing behind the NAT makes for good "defense in layers" which is never a bad thing.  Routers can be fooled. 

That being said,  I would NOT suggest giving away the additional transport overhead for more "robust" software firewalls which claim to inspect the STATE of traffic etc.  Plus as I've stated before many times SOHO routers claiming to perform SPI (stateful packet inspection) aren't much more than a fancy marketing ploy since most SOHO routers have weak proc's and limited RAM with which to perform such "inspection".

the Monk

I believe that if your firewall is working properly you can't be pinged. that is a purpose of the firewall, to be invisible.

to answer the question; yes, it seems to work pretty damn good.

starkers,

Again....(as I've already stated above) unless your "router" has more than a 100MHz proc with 8 or 16MB of RAM it's "firewall" isn't much of a firewall.  Running software tests like "can I be pinged" or....."which ports are open etc." are not really an indication of being "firewalled" by todays standards.  A true firewall performs traffic checks based on ALG's and has a proc/mem that can actually properly perform SPI (for what it's worth).  The reason for this is so that traffic can't "pretend" to be other traffic in order to fool your network devices. 

For Example: So you can't be pinged, and every port is closed for unsolicited traffic.......big woop.......when you go out on port 80 (web traffic) to view something on the web what exactly is your network device doing to ensure that something else which isn't "web-traffic" (and therefore shouldn't use TCP port 80) isn't in fact using port 80 to come back into your system?   That's right.....NOTHING.  Unless you run a hardware device which is truly capable of using ALG's or performing SPI you are "trusting" that everything coming in on tcp 80 is in fact http traffic.

Also...."immunizing" your browser (which amounts to protecting certain registry keys from being edited) is something I'd rather trust to the system's local security policy and/or by not running/browsing from an ADMIN account.  If you are already doing that then there is no need to give away the extra system over-head away to a third-party program.

Avast doesn't have the greatest record, but that nonwithstanding using/editing your system's "local security policy" is again a much better way of ensuring baddies that slip in can't fully function (and can then be cleaned out later with no issues), rather than again trusting some third-party program to not lapse and be your EDGE-protection.

Of course protection in layers is important.  Please don't assume that running various different third-party software is doing that.  Protection-in-layers means that while you might have some software installed to run scans etc. for "peace-of-mind" the ACTUAL protection of your system is trusted to running everything on your system from a LEAST-priviledge-needed mindset, properly understanding and configuring your built-in local security policy and if one can be afforded a true hardware firewall at the network EDGE. 

Software isn't infallible.............however a security-centric mindset (including least-priviledge-thinking etc.) puts the odds more heavily in your favour. 

the Monk