an external, appliancey, firewall is solving a different problem: ZoneAlarm and friends deny unwanted outbound connections on an exe-by-exe basis and an external firewall wouldn't know enough to do that. Really you need both.
I agree that using both an appliance-based firewall and a personal firewall together is the better solution.
But, on the assumption that *everyone* uses a regularly updated virus/trojan scanner, which I'm sure we'd all agree they should, it's my belief that if you are only going to run one firewall then the appliance type is arguably the better choice out of the two.