i think i'll just not bother with a firewallWhy not just use the Windows firewall? No outbound blocking but surely better than nothing, no?
But the OP specifically wants outbound connection blocking
Nudone: Long ago I started with Zone Alarm, which was great until they moved to a new major version and ZA became bloated, slow and hard to configure. Then I used the free version of Kerio until I needed connection sharing, which the free version didn't support. I bought the pro version, but didn't like it at all. It caused bluescreen "STOP" errors and missed some applications which clearly were establishing connections without Kerio noticing them. I switched to Sygate but that didn't last long, about half of the net-enabled apps I use were happily connecting without Sygate ever knowing about them, and the interface was so obscure I became borderline paranoid, because I could not see clearly what was allowed and what wasn't.
If I were to try another firewall today, I'd try F-Secure Internet Security, simply because the same company makes F-Prot, a very good antivirus product. But instead, I happened upon what's nearly a perfect firewall for my needs: Agnitum Outpost
. I've used it since 2004, had very few problems, nothing major.
For one thing, it's very nicely designed - the UI is very clear and logically laid out, you can easily access the various groups of settings. Great logging feature with filters, so I can always see exactly what is being allowed or blocked and why, as well as check which processes are holding ports open at any given time. Another good idea in Outpost is the plug-in architecture: if you don't want active content filtering for example (flash, activex, etc) you simply disable the plugin. It autoconfigures for most popular software, and offers detailed custom rules. It doesn't win most leaktests, but does rate high, and certainly hasn't failed me in three years.
Now for some problems. Like I said, I haven't experienced any showstoppers with Outpost, onlya few minor annoyances. After I run it for a long time and the configuration becomes large, with many rules, on two occasions I was unable to add a new "allow" rule for a newly installed app. The rule creates OK and Outpost claims to be using it, but the app can't reach out for some reason. It's happened to me twice, and the way around it was to drop the existing configuration and have Outpost create a new one from scratch. This has a positive side-effect in cleaning up all the stale rules for apps I once installed and since removed, but well, it's a bit annoying. However, Outpost autodetection is so good that the last time I barely needed to modify it.
There is an attack detection feature which is a little too eager: in the default configuration it won't let me post on Slashdot, for instance (maybe it's a good thing
You can disable it altogether or restrict the detection though.
Version 2.5 had some issues with internet connection sharing, which required manual tweaks in an ini file, but it seems to have been corrected since then.
One caveat: I'm using version 3.5. The latest is 4.0, and I've seen a few disappointing comments on the support forum, so I'm waiting it out till they fix what they may have broken in this release. I would still recommend that you try Outpost, and in case of any problems you can try their support forum, it's quite lively.