Spot on the sugar, Carol!
Imho outbound filtering is pretty useless for a software firewall. When you reach the point where you need it, your system is already compromised and you're SOL. As soon as untrusted code is running on your computer, that untrusted code can bypass the firewall... sure, limited user accounts etc. help mitigate this problem, but the trick is not getting untrusted code on your system in the first place. OK, if you're paranoid you can use a software firewall to check if apps "phone home", but frankly I've more or less stopped caring.
Windows Firewall does the trick of filtering incoming connections. And yes, you probably do need this even when you're behind a NAT'ing router without DMZ (which has nothing to do with firewall, btw, even if the end effects are somewhat the same). Why do you need this? In case a friend brings over an infected computer, or you have a significant other on your LAN that might get catch something nasty.
End-users generally don't need to mess with the firewall, especially since most proper apps these days add exceptions during install or config time. Putting a firewall with outbound filtering on a regular Joe's computer is a pretty insane thing to do, and would probably result in worse security since they'd just click yes to all those "omg, something happened I don't have a rule for!" popups.
The Windows Firewall is quite adequate, it's stable, and it's light on resources. The bad things said about it has mostly been out of ignorance, FUD, or marketing interests from the various software firewall vendors. If you need outbound filtering, you need a proper firewall box, not a software firewall on client machines.