It's amazing how that myth persists. Even the XP firewall can do both inbound and outbound filtering, though outbound filtering is of questionable value anyway. By the time outbound filtering does you any good, the malicious program is already on your computer, and at best you're just mitigating the damage mildly.
All programs like ZoneAlarm and the various major Internet security packages end up doing is training people to click the "allow" button every time a dialog box pops up. What good is a firewall if you just allow everything through? It's like a tollbooth or checkpoint on a road, but every car wanting to go by is just allowed to pass unchallenged. What purpose is being served there exactly?
The Windows Firewall is one of the best examples of software engineering to come out of Microsoft in quite some time. It does what 99.9999999% of Windows users need, it is very light on resource use, it's about as unobtrusive as you can get... What more could you ask? Just because it isn't pestering you with some dialog box every 5 seconds doesn't mean it isn't doing anything. All it really means is that people who expect anything different have some insecurities they should consider addressing.