If every firewall were written as NetFirewall is, it would be possible to create a trojan horse using Winpcap and there would be no way to stop it.
Well, NeT Firewall is created to protect the system from external intrusion, not from internal intrusion. And trust me, it is not a great problem to create a trojan which will bypass any firewall available on the market (such a trojan can still be detected by analyzing the infected system’s network traffic from another system). It requires strong skills in kernel development and is not fast and easy to implement, but still… It is 5 minutes to rebuild NeT Firewall to intercept winpcap, but it does not really make sense. If you want to avoid installing a trojan protocol, just don’t work under an admin account (without admin rights, none of the trojans can install a driver). In general, don’t expect that if you install a firewall you can do anything and you are safe.
There is a separate set of products, so-called kernel IDS, targeted at protecting your system from trojan software and system exploits. A firewall’s primary target is protecting your local network stack from external attacks, and that’s it. Implementing a partial kernel IDS in firewalls (like ZoneAlarm, for example) gives you an illusion of safety rather than real safety.