Because those people are all idiots.
You can't improve security of an untrusted system by installing another untrustworthy piece of software. You don't have the source code for the operating system or for the new piece of software, so it is impossible to verify that it does anything at all, let alone improve security. In the contrary, adding software increases the system's complexity, increasing the probabilty for undetected bugs and possible new security problems.
A firewall is a computer security concept, not a piece of software. Vendors selling you a piece of software (or even a piece of hardware) under the label "firewall" are defrauding you.
If you seriously want to improve security on your machine, you have to reduce the code size, not increase it! And no matter how much software you remove, as long as you don't have the source code for the rest, you are still not even remotely secure. Consider dropping Windows and switching to a more secure operating system.
Because security forums in Usenet and elsewhere are rendered unusable by a unendling flood of Windows users who installed a "personal firewall" and ask for tech support. In the German usenet, de.comp.security was even split into de.comp.security.misc and de.comp.security.firewall to isolate those questions into ...firewall, with the result that there is almost no discussion other than whining Windows lusers there who complain that they aren't treated friendly and courteously.