And here's why.
Firstly, by the time the Bad Thing is noticed by the firewall, it's too late; the Bad Thing is on your computer.
Secondly, they talk WAY too much. "Do you want to let THING.EXE access the internet?" "Well, DUH! THING.EXE is my new game/IM app." A few iterations of this and before you know it the user is clicking "Yes" to everything, because they had to go through a phase of clicking "Yes" to get Internet Explorer, Outlook Express and KaZaA to access the internet.
Thirdly, Zone Alarm (to take the one from your example, but this is true, I'd say, for all of them) has a number of known exploits - but then, doesn't everything?
Fourthly, Zone Alarm is YELLOW. Windows applications aren't YELLOW. They're GREY[0]. Not YELLOW. Consider the engineering effort that went into re-inventing the square wheel there, and whether it might have been better spent on, y'know, the FIREWALL part of that product. But hey, gotta DIFFERENTIATE THAT BRAND. IIRC, the home version of McAfee antivirus products suffers from a similar problem. Oddly enough, the corporate version is GREY.
Fifthly, WINDOWS SUCKS FOR INTERNET USE, for all the reasons you discovered.