Windows firewall is fine until the computer is infected by a Trojan, in which event the Trojan will be able to connect out, and may be able to bring down the firewall completely, allowing more malware to connect in. Some Trojans can bore a hole in Windows firewall, meaning that even when the Trojan is removed from the computer, a hacker is left with a way into the computer.
A knowledgeable user can of course avoid getting Trojans on their system- by not opening email attachments, not downloading from crack sites or peer-to-peer networks, keeping browser and OS up to date etc. It is perhaps the average user who needs to use a third party firewall- the sort of person we see on the forum who manages to get infected with a Trojan.
With a little knowledge, a Firewall which controls outbound traffic can be a good idea. Certainly Windows firewall is too easy to bring down completely should a Trojan find its way onto a system.
I'm using Kerio with 256M ram with no problem