One person created a script to help secure Windows. Another person thinks it's a replacement for personal firewalls. Then another person agrees with him and a chain reaction of very bad advice ensues.
I was surfing the Web looking for some basic beginner PC security information to help some people get started teaching themselves about security. Lo and behold I bumped into a page titled, "Beginners Guide to Securing a PC." I looked at the page and saw what I expected:a little talk about anti-virus software, anti-spyware software, rootkit detectors, etc. Then I came to the part that said "... firewalls are not secure and malicious code can find ways around the firewall and even manipulate it. \[Therefore I\] suggest you don't use a firewall but do something different."
The suggested "something different" is to run a particular program that disables various system services. There was a link to the program, so I went to that page at another site to learn more. When I read that page I again saw similar advice. The author claims that after you use the Shutdown Windows Servers program "personal firewalls become obsolete."
The page referenced yet another site, saying that the program is based on a script written by Torsten Mann. At Mann's page I found that he does offer a script to shut down certain system services, but I wanted to know if he was the origin of this "sage advice" that personal firewalls are moot if you shutdown certain system services.
To my relief I found that in addition to the recommendation of shutting down some system services to strengthen security, Mann clearly recommends that people with Windows XP use the Windows Firewall. Nowhere does he claim that shutting down certain system services is enough to prevent intrusion. Yet somehow the person who wrote a program based on Mann's script decided that personal firewalls "become obsolete" after using his spiffy tool. And of course, his advice was contageous and now the first party I mentioned is telling beginnners that they don't need a firewall either.
To think that a firewall isn't necessary just because you shutdown certain system services is about the equivalent of saying "lock your car doors and you no longer need a car alarm."
In my opinion the only time you don't need a firewall is after you use these on your network connection.
(Tip of the hat to Marcus Ranum, who astutely pointed out this latter item years ago)