Internet Security Systems has designed Black ICE to stop attacks matching known signatures, even if the firewall settings would normally allow the traffic.
Other software vendors are packaging their personal firewall products in suites that include intrusion detection, but few are using known attack signatures to modify the behavior of the firewall.
You can expect that while port 80 is allowed, Nimda traffic will not make it to your server.
As with antivirus software, detecting new attacks requires that you update the signature files regularly.
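The behaviour described above, as an added example that is not ISS's code or part of the original article: a port rule that allows HTTP, plus signature matching that overrides the rule and then blocks the sender. The signature list is a simplified, constructed set modelled on the request paths Nimda sent to IIS servers; the class and function names and the sample addresses are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed signatures, simplified from the HTTP probes Nimda sent to IIS.
SIGNATURES = [
    ("nimda-root.exe", re.compile(r"/(scripts|msadc)/root\.exe", re.I)),
    ("nimda-cmd.exe", re.compile(r"/winnt/system32/cmd\.exe", re.I)),
    ("dir-traversal", re.compile(r"\.\.[\\/]")),
]

def normalize(target):
    """Percent-decode repeatedly so a double-encoded '..%255c' becomes '..\\'."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def match_signature(payload):
    """Return the name of the first signature matching the HTTP request target."""
    parts = payload.split("\r\n", 1)[0].split(" ")
    if len(parts) < 2:
        return None
    target = normalize(parts[1])
    return next((name for name, pat in SIGNATURES if pat.search(target)), None)

def port_only_verdict(allowed_ports, dst_port):
    """Classic packet filter: the payload is never inspected."""
    return "allow" if dst_port in allowed_ports else "block"

class SignatureFirewall:
    """Port rules plus signatures; a match blocks the request and the sender."""
    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        self.blocked_sources = {}  # source address -> signature that fired

    def decide(self, src, dst_port, payload):
        if src in self.blocked_sources:
            return ("block", "source-blocked")
        if dst_port not in self.allowed_ports:
            return ("block", "port-closed")
        sig = match_signature(payload)
        if sig:
            self.blocked_sources[src] = sig  # signature changes firewall state
            return ("block", sig)
        return ("allow", None)
```

Because the signature list is static data, a worm variant that uses a request path not on the list is allowed through on port 80 until the list is updated.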
I found this quote in response to a user question on their Web site: Our product is not a "personal firewall" in the classic sense, though it does have some personal firewall functionality.
The product was designed to do dynamic intrusion detection, intruder identification, and intruder blocking.
As normally defined, firewalls do not "detect" intrusions, though they do indicate when traffic has been sent at a machine that is blocked by the firewall (which is one symptom of an intrusion).