If y'all can stand one more post. :)
IMHO and FWIW, outbound firewalls have several shortcomings, both technical and conceptual:
• It's too late. If an outbound firewall detects something that is, in fact, malicious in nature, it's because your machine is already infected. Something in your inbound defense failed and your machine has acquired some form of malware. Yes, I suppose it would be nice to know your machine is infected, but in fact your inbound defenses (firewall and anti-malware suites) should have already either prevented or detected the problem. With adequate inbound protection, an outbound firewall is redundant. And that's why there are so many free on-demand scanners to supplement the primary anti-malware suite.
• It's intrusive. Outbound firewalls require additional resources to do their job. OK, with today's faster CPUs, increased RAM, larger disk space, etc., this may be a moot issue. But on a home or office machine a router will give you the inbound protection you need without taking up additional resources on your machine. And if inbound threats are eliminated, outbound protection isn't needed.
• It's frequently wrong. One of the very common complaints about outbound firewalls is warning messages that are either incomprehensible, overly frequent, or don't give the average user enough information to make an informed decision. Frequently, they'll simply report a connection attempt to or from an IP address with little or no additional information. I've also seen warnings from totally legitimate processes for things like software updates or syncing the current time and date. With too many errors, indecipherable messages or false positives, it's like the boy who cried wolf too many times. People tend to ignore the warnings after a while, rendering the outbound firewall ineffective.
Is there a case for an outgoing firewall? Many people may say absolutely, they add a lot of value and that my thoughts are off target or over-stated. But I remain of the opinion that if an outgoing firewall is actually adding value it's because the incoming protection failed. If people want to focus additional energy and resources at becoming more secure, I'd much rather see them focus on preventative solutions rather than solutions that only kick in after it's too late.
Let the flaming begin.