Even that is better, though I personally prefered AVAST! before getting my nVidia on-board firewall processor going (works great).
Various ones conflict with various others in various ways. Since they all alter the way your OS works, there are bound to be conflicts. Stick with one for each protective function, and scan with more than one occasionally.
Some say yes and some say no. What you will get from what I understand if running two personal FW(s) is a double FW situation which could block traffic that should reach the machine, which is what happened when I had BlackIce running and the XP FW was enabled due to the SP 2 update that turned on the XP FW and I didn't know that had happened.
It's no worst than the rest of them if you have it configure properly.
I think such solutions have to much snake-oil bloat ware in them but if you're happy with it, then use it.
No personal FW solution is a true FW. The personal FW is not a FW solution as it doesn't separate two networks. The network it is protecting from usually the WAN or Internet and the network it's protecting the LAN. The personal FW solution is machine level protection that protects the O/S services and Internet applications running on the machine.
If you want to run two packet filters, then use IPsec that's on that XP O/S to supplement the XP or Norton PFW solution. I use IPsec to supplement BlackIce that's running on the machine and I have no problems in doing so with a machine that has a direct connection to the Internet (no router between modem and the computer).
I use the Analogx implementation of the IPsec rules and made my adjustments as to what I wanted to protect.
IPsec can stop inbound or outbound traffic by port, protocol, or IP.
Here is where you need to be going to protect the XP O/S to attack if the machine has a direct connection to the Internet.
Now if you have a choice, below a NAT router is what you should be using and you can get one that cost as much as Norton that you're paying for and it comes closer to a FW than what Norton or XP's FW does in the protection. You can use IPsec behind it to stop outbound since most can't stop outbound or Norton and I am not talking about the snake-oil worm or Application Control part of Norton but stop outbound by at least port or IP.