I'm currently using Zonealarm Pro and don't have any problems with it.
The XP sp2 firewall is apparently designed to be easy to programaticatly control even from a script, so I'm sure trojans will shortly include code to deactivate it as standard.
I've use the free version of sygate and its quite good but had very high CPU usage on my PC, as I recall you need to activate "DLL authentication" to provide reasonable outbound protection.
I've also used Kerio (free for personal use- web filtering is disabled after a month)
http://www.kerio.co.uk/kpf_home.html
This has an Application Integrity option - as I recall it trys to defeat trojans by monitoring all programs for modifications and has rules to restrict programs using other programs and modules etc. (whether they use the net or not) - seemed promising but the version I tried took a lot of configuring (this may have improved - I tried a early release).
As far as the standard firewall features and security go I don't think there is a great deal of difference between the lot of 'em
There is a 3rd party program available (forget the name) which claims to be able to prevent rogue software from shutting down firewalls and antivirus software.