I know people crap on it, but the basic Zone Alarm firewall is free, simple, and works for what I use it for. Notifies me if something tries to connect to the internet from my computer, and blocks all non-requested/expected incoming traffic. It's easy to approve applications for outbound internet access, make them ask, or deny them outright.
A good test for any firewall...you can run the security tools at Symantec or Gibson Research and they'll basically portscan you, and it should tell you all your ports are set to stealth if your firewall is configured correctly.