The thing with an outgoing firewall is, there are essentially only three possible circumstances to consider:
Scenario a: the user has some clues and actually knows what it means when the firewall pops up an "application atomic.exe is tring to access the internet" message, and has a rough chance of figuring out whether to click "allow" or "deny".
Even for geeks, it isn't always easy. (What about the example I just used? Legit? Spyware? Or just useless junk in the Realplayer update class? Answers below, please.)
Under this scenario, the utility of the firewall is practically zero: you have to buggerise around with it, but if you are smart enough to get the yes/no questions right, then you are easily smart enough not to get infected in the first place.
Scenario b: the user is the sort of complete loser who likes nothing better than to sit in front of his machine doing "work" on it - where "work" is defined as getting up in the morning, starting scandisk and watching it run all the way through, then running defrag, then running Sysoft Sandra and HDtach just to make sure everything is working properly, then reconfiguring Zone Alarm, then running Spybot and watching it all the way through, then a pleasant hour and a half moving one of the glowing blue leds half an inch to the left, then it's time for the highlight of the day, running a full scan with Norton System Doctor. After that, it's check the email and forward 16 pages of totally stupid jokes to people who delete them unread because User B's forwarded jokes are always the same ones you first read 6 years ago and didn't laugh at even then. Finally, it's time to run defrag again and go to bed. Tommorow is a special day: he's going to format the system and reinstall Windows. It's way past time for a reinstall, he hasn't actually wiped the drive clean and reinstalled it since Wednesday, and it's running really slow.
Scenario c: the user is a typical and normal user. He or she has absolutely no chance in hell of figuring out WTF all those "application X is trying to use the internet" mesages mean, and must simply guess. Pretty quickly you end up with either of two circumstances: they clicked "no" to something important and now you have them screaming at you because their email isn't working, and unknown to them is that this is because they clicked "no" when the firewall said "application thunderbird.exe is trying to access the internet" because they had never heard of Thunderbird and all they were trying to do was send an email. (Yes, this happens. Frequently. We have to fix this sort of screwup every working week.)
The other possibility is even worse. You've spent hours with them teaching them to think before they click, to be cautious, and not to trust stuff that pops up. Just when you think they have got it, they go home and have this new software firewall which, as a matter of routine, reqires them to click "yes" to stuff they don't understand, weren't expecting, and haven't a clue what it does. This is the worst training it is possible to give to a user. Pretty soon, they are clicking "yes" to "Warning: your computer is infected. Click here to scan and clean", and three days after that you are cleaning Spy Sherrif off their machine (again) and they have just spent another $75 and lost the use of the computer for a couple of days.
Short answer: I cannot think of a single good reason to use a software firewall. Unless you call being User B a good reason, which I don't. User B shouldn't be allowed to own a computer, shouldn't be allowed to drive a car, and on no account should be allowed to have children.
