Every rule in the Windows Firewall allows outbound connections, though. Click the Outbound Rules icon on the left side of the screen, and you'll see all the outbound rules. As you can see from the nearby figure, every outbound rule allows outbound connections. None block connection.

Making matters worse, there is no way for an individual or IT staff on their own to create an all-purpose rule that will block malware from making outbound connections. You can only create a rule to block a specific piece of malware, and doing that is an extremely difficult task, requiring that you know quite a bit of information about that piece of malware, including its location on your PC, the port it uses to make outbound connections, and so on.

To stop all malware from making outbound connections, you'd have to know all those details of all the thousands of pieces of malware in existence, and create rules for each one individually. But even that wouldn't work, because you wouldn't know about malware that has not yet been detected.

In short, as a practical matter, it's an impossible task.

Competing firewalls often use built-in intelligence to allow certain programs to make outbound connections, and then issue alerts when other programs make connections. You're told the program name and executable, and given a recommendation as to whether the program should be allowed. You can then block or allow the program to make a connection on a one-time or permanent basis.