Firewalls do, "firewalls" don't. Phrasing is important here!
These "suits" are just like the "Windows Firewall": Not very sophisticated packet filtering, but no firewall functionality at all.
Perhapps, but the functionality available in a high-end, full zoot commercial firewall isn't necessary for an end user. Sure if you have publically hosted services that get thousands of hits an hour the full on SPI/Traffic shaping/etc., etc. shenanigans are all necessary & good. But that's not the case with a typical end user.
Most sheeple just need something to sit at the edge of their machine that will say no to (basically all) incoming connection requests, because they don't want to waste time typing/remembering anything more complicated than their dogs name for a password. And the Windows firewall does this just fine (end of need).
Outbound "filtering"? ...I've never seen giving end users choices end well. They either shoot themselves in the foot blocking something necessary, or get eaten alive by something that's trying to get out. The object is to prevent hostile code from getting on the box in the first place. And one of the simplest (processor time free) methods of doing that is to use DNS filtering ...(like OpenDNS).. Which is done at the network border, and does a suprisingly good job of keeping folks away from those infected banner farm servers.
Best way to avoid getting killed in battle, is to avoid battles.