hey asishda, along with all these what you need is a HIPS that works on behavior analysis along with white listing. and for heavens sake dont use zone alarm free edition, it is way toooo kiddish. use Pro, heaven and hell difference. there are hundreds of ways to trick/byepass firewall.
now do you ask "Can you prove it?" Well take NOD 3 that you are using. To provide real time analysis and web protection, all programs pass through ekrn.exe (unless you set it otherwise in advanced settings) thereby bypassing the firewall. Even all the Pros et al, cos it passes through their proxies (Huh!). ANd you have the impression that only ekrn.exe is accessing the net.
Generally to everyone:
security is not such a simple topic that you say I use this and this. This is not a buy and press button. No sir, there are methods to bypass many. so you have to first define your needs, and then IMHO go for a layered approach. And be careful cause there will be the Zero day attack that may breach what you have. And of course dont forget to keep an image back up for immediate recovery!
Like the previous gentlemen say. They use such stuff, cos they feel that is enough for them. Many dont even use a AV, cos they feel that DeepFreeze protects the BIOS?CMOS. and many use double lyer virtualization, in case one is breached. So its entirely upto you. Needs on one side, Affordability, Compatibility and Simplicity on the other. Only you can balance them.
There are no correct and incorrect ways.
And finally use your common sense, not what Mr Padosi / Mr Seller or Mr Support guy told you. How many of you use script blocker? or simply a Limited User Account?