Looks like Microsoft still doesn't quite get it. I found the following paragraph from an article on PC Magazine's web site to be rather interesting:
"Microsoft has included a programmatic interface for Windows Firewall that allows an application to do things like set FirewallEnabled to FALSE, add itself to the list of AuthorizedApplications, or change the configuration of GloballyOpenPorts. Our concern here is that a malicious application could turn off Windows Firewall or, more likely, mark itself as an authorized application. Corporate administrators can disable some or all local configurations, which will prevent programs from making changes; but ultimately, Microsoft maintains, individuals still have to be smart about what apps they run. Even the best deadbolt won't protect your house once you've let the bad guys in."
The way I see it, they gave the keys to the dead bolt to the bad guys. Suppose one way or another, I manage to get some malware on my system. This malware then has the ability to disable the firewall and do whatever it wants. Thanks. Looks like I'll still be recommending a third-party firewall such as ZoneAlarm.
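
The settings the article names (FirewallEnabled, AuthorizedApplications, GloballyOpenPorts) can also be read back, so unexpected changes can be detected. The script below is an added example, not code from the PC Magazine article or from Microsoft; it assumes the interface is reached through the HNetCfg.FwMgr COM object, and the approved-path baseline in it is constructed.

```powershell
# Added example: read-only audit of the Windows Firewall settings named above.
# Assumption: the interface is reached via the HNetCfg.FwMgr COM object.
# Constructed baseline of program paths expected on the authorized list.
$ApprovedImages = @(
    'C:\Windows\System32\svchost.exe',
    'C:\Program Files\ExampleCorp\agent.exe'   # hypothetical entry
)

function Get-FirewallAuditFinding {
    param([string[]]$Approved = @())

    $fwMgr     = New-Object -ComObject HNetCfg.FwMgr
    $fwProfile = $fwMgr.LocalPolicy.CurrentProfile

    # 1. Has the firewall been switched off for the active profile?
    if (-not $fwProfile.FirewallEnabled) {
        [pscustomobject]@{ Check = 'FirewallEnabled'; Detail = 'Firewall is disabled' }
    }

    # 2. Enabled authorized applications that are not in the baseline
    #    (-notcontains compares strings case-insensitively).
    foreach ($app in $fwProfile.AuthorizedApplications) {
        $image = [Environment]::ExpandEnvironmentVariables($app.ProcessImageFileName)
        if ($app.Enabled -and ($Approved -notcontains $image)) {
            [pscustomobject]@{
                Check  = 'AuthorizedApplications'
                Detail = "$($app.Name) -> $image"
            }
        }
    }

    # 3. Ports opened for every program (6 = TCP, 17 = UDP).
    foreach ($port in $fwProfile.GloballyOpenPorts) {
        if ($port.Enabled) {
            $proto = if ($port.Protocol -eq 6) { 'TCP' } else { 'UDP' }
            [pscustomobject]@{
                Check  = 'GloballyOpenPorts'
                Detail = "$($port.Name): $proto/$($port.Port)"
            }
        }
    }
}

Get-FirewallAuditFinding -Approved $ApprovedImages | Format-Table -AutoSize
```

The function only reads the profile and changes nothing; each row it returns is a setting that differs from the baseline and is worth a look.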
A while back, Bill Gates was quoted as saying something along the lines of there isn't a need for perfectly secure software, since we have firewalls to protect us. At the time it seemed absurd to me: What happens if your firewall software isn't secure? Now, Microsoft shows they can't even get the firewall right.
I posted some of this on Slashdot, too.