Warlock I completely disagree with you in the matter of firewall.
For me it's the most user-friendly designed firewall.
Yes, it's so user-friendly, you have to hunt down ICMP code numbers just to create a rule (plus there is no way to specify particular ICMP type code). Why they didn't add a drop-down with ICMP type names instead is beyond me.
Also the grouping in application rules is annoying, app vendors often put stupid names in the executable descriptions, so the list is a mess, well, at least it's possible to organize it manually.
It further doesn't help that the app rules can not be locked down properly, as there is no way to allow unlimited access on localhost (used for inter-process communication in some apps) and limit access to/from internet at the same time.
The help file lacks info, there is no info about patterns supported when specifying port number, for example, is xxxx-yyyy interpreted as port range? What about lists of ports, should that be xxxx,yyyy,zzzz or xxxx;yyyy;zzzz or even xxxx yyyy zzzz? The dialog simply accepts everything and doesn't warn about unsupported format. And I can continue with many other problems like that.
PS: Another example of bad design - try to add two rules for the same app in the same group (I did that by accident), you end up with a dead ('visually empty' but 'not really empty' = undeletable) group.