However, even the good personal firewalls require that users take thoughtful precautions, such as rationally deciding whether or not to permit a program to contact the internet. If users just automatically click the "permit" button or especially the "always permit" button, then it's not useful to have monitoring of outgoing communications.
And some programs "piggyback" on permitted programs such as Internet Explorer. (In other words, a spyware program might use Internet Explorer to "phone home" so that the user will think it is a trusted program rather than spyware.) Even those common programs should not be given carte blanch permission to contact the internet until the user is actually using the program to connect.
It all requires work on the part of users. I have totally cleaned up some systems and placed all the necessary software to keep a system safe, only to have friends and relative complain so much about having to hit a few extra buttons that they made me "unsecure" their system. Some people prefer to give no thought to what they are doing and would rather have an "automatic transmission" than is insecure that a "manual transmission" that is secure.
I would not really care much if it were not for the fact that these insecure systems then become weapons in the hand of hackers for launching more mischief on everyone which can cause internet and ISP slowdowns and affect even the secure users.
I say "AMEN" to everything you just said. I do exactly as you do. I teach A+, CISCO networking, Java programming, and Oracle Database Design/SQL plus I deal with a school full of computer problems. The best thing we ever did was put Deep Freeze on all our school computers that students use. It's a pain when installing updates, but it's wonderful otherwise. The biggest pain I have is with teacher computers/laptops due to the very things you just mentioned...sigh...