As far as I am concerned, they really just offer more features than the built in XP firewall. The main job of blocking incomming traffic is done, though.
Really, the best defence you can have is a NAT router. Being behind a NAT router means that insolicitied traffic does not come in. It has to be solicited from the inside. You don't really need to be running a software firewall at all on your client machines if they are behind a NAT router, but its probably a good idea to.
Which one should you run, then? Well, i'd say the one with the least performance overhead. I've not installed Zonealarm, Kerio or Comodo firewall software recently, but I'm pretty sure that they all take up RAM and slow down your machine. Windows firewall does not.
Personally, I run behind a NAT router, Windows XP (or Vista now) firewall, plus AV software and anti-spyware. And unless I do something silly I have no problems with security at all.