I always try to keep a couple of things to "play" with. Currently, I'm running Sunbelt Kerio Personal Firewall on my X20. It reminds me of ZoneAlarm but less resource intensive. I admit it's been a while since I've used ZoneAlarm but I suspect it hasn't gotten smaller.
Kerio has 2 modes: a free mode and a full mode. I'm running the free mode, natch. In the free mode, you get all the features except Host-based Intrusion Prevention and Content Filtering. There are a couple of more full mode features related to administration. Host-based Intrusion Prevention (HIPS) will prevent buffer overflows and code execution from running on your system. I've lived without that so far. For Content Filtering, I use the capabilities of Maxthon.
Every now and then Kerio nags at you about "running restricted version" but a single click dismisses the dialog.
One thing that Kerio does that is similar to ZoneAlarm is it has the concept of a "Trusted (network) area." This is normally set to the address space that is presented to your NIC, in my case 192.168.0.0/255.255.255.0. You can tell Kerio that all access to this trusted area is Ok and minimize some of the prompts. I hadn't done that just so I could see what all was going on with the intention of eventually enabling that address space. However, once when I was on vacation, the hotel had a wireless network and they too were using 192.168.0.0/255.255.255.0!
So before I turn that on as "trusted" in Kerio, I want to readdress my home router to a different, unusual address space.
There are a bunch of screen shots on the Sunbelt page referenced above and a users' guide here.