A series of penetration tests for personal firewalls is announced by the German Secure site
On this page (http://www.german-secure.de/index.php?option=articles&task=viewarticle&artid=59&Itemid=3) the results of testing ZoneAlarm Pro.
The results shows that ZA is good for personal use, although it can be attacked easier than Outpost in earlier test on that site (OP Pro 2.0 results (http://www.german-secure.de/index.php?option=articles&task=viewarticle&artid=24&Itemid=3)).
Time permitting I'll try to get some texts translated later on.

Links to the English Versions:

Penetration test Zone Alarm Desktop Firewall Pro (http://www.german-secure.de/index.php?option=articles&task=viewarticle&artid=60&Itemid=3)

Penetration test Outpost Desktop Firewall V 2,0 (V 2.0.225) pro of Agnitum (http://www.german-secure.de/index.php?option=articles&task=viewarticle&artid=50&Itemid=3)

Regards,

CrazyM

How concerned should the average ZA user be about the results of these tests?

As these tests involved Denial of Service attacks and flooding, which are focussed and deliberate, it should not be much of a concern. Most home/average users are never going to see or be targeted by such attacks.

From the author's conclusion:
-{ Quote: "In everyday use, the Zone Alarm is surely a useable Desktop Firewall for purely private use, ..." }-

For users who need protection from these types of attacks, a hardware solution would be in order. While your connection may suffer for the duration of the attack, at least the systems behind it would not be bogged down.

Regards,

CrazyM