Agnitum's insights on Vista Firewall: There's a security risk
Agnitum, the maker of Outpost Firewall and other security tools, published their January 2007 Agnitum Security Insight. It's at http://www.agnitum.com/news/securityinsight/issues/january2007
This month's issue is about the firewall in Windows Vista, and Agnitum shows some of their findings about it. (Note: They also reviewed OneCare's firewall last year - http://www.agnitum.com/news/securityinsight/issues/june2006 )
Their conclusion is as follows:
Microsoft’s move to improved OS security has been long awaited – some might say long overdue - and will bring some benefit to users. Certain of the new security measures introduced will undoubtedly make users safer, although at a cost - increased prompts triggered by UAC or IE Protected Mode, as well as other distractions. But it’s clear there is one thing that won’t ever bother most users: the Windows Vista firewall. It doesn’t control outbound activity, and so it is inherently incapable of delivering real-time control over network traffic. The fact that it can only allow or block connections creates a sizeable security risk if the firewall allows outbound connections and a serious interference with productive PC usage if all outbound traffic is blocked.
Unsurprisingly, then, it’s my view that users would be better advised to use a dedicated, time-proven third party firewall like Outpost to protect their online activities.
More details on the above, including a demonstration and why they think there is a vulnerability, are at http://www.agnitum.com/news/securityinsight/issues/january2007
Hey Agnitum, when are you releasing your firewall software for Vista? Also, as far as I know, all software has its own weaknesses. Even Outpost Firewall and other firewall software have their vulnerabilities too, and I think vendors should work closely on the security reports on their own products in addition to finding vulnerabilities in others'.
Examples of unpatched vulnerabilities in Outpost: see http://secunia.com/product/12472/ and http://msmvps.com/blogs/donna/archive/2007/01/16/outpost-bypassing-self-protection-using-file-links-vulnerability.aspx.
Disclosure: I'm an MVP awardee for Windows Security but I don't work for Microsoft. I use Windows Vista and XP systems, and I have Outpost Firewall Pro on an XP system, which I purchased from Agnitum. It's a good buy because I took advantage of one of their previous offers: an unlimited license. I understand that all software has its own weaknesses and that users should not rely on security tools alone but on many methods (after understanding what risks we are facing) to protect the system. These include keeping the system up to date by installing patches (if available), creating regular system backups, and using some policies. All of these should be done together with up-to-date antivirus, antispyware, a phishing filter or antiphishing toolbar, a firewall, etc.