Windows XP's firewall is better than no firewall but, it lulls you into a false sense of protection, it doesn't provide outbound protection. The windows XP firewall is usually good at keeping your ports stealthed (hidden) you should consider a third party firewall.
Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
- There are many freeware firewalls such as, Comodo, PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface, however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes In the Program Control, configuration area, the slider will only goes as far as Medium protection, if you want more you have to buy the Pro version.
See A Forum discussion on free firewalls
http://forum.avast.com/index.php?topic=30808.0See
http://www.matousec.com/projects/firewall-challenge/results.php.