The cited article fails to either list the tested firewall software, list the tests performed, or even link to some place where that information is available. It is a statement of the obvious, well known facts that: (i) some software fails to perform even its designed function, and (ii) correctly designed software is often misconfigured to the point where it cannot perform as designed.

The article further makes suggested solutions we have heard a thousand times, nothing new.

To meaningfully talk about security on a the average Joe's winbox, the focus has to come off average joe and be placed on the OS software companies, and on laws and rules (at least in the US) that utterly fail to require any software publisher to be responsible for either designing securable software, or providing adequate notice of the risks associated with installing or using software (or a website). Of course, malware and greyware writers will not follow those requirements ... but if average joe wanders down some dark internet alley without a condom on, its his own fault, whereas when average joe is going to a regular business site or using regular business software, the onus really should be on the publisher to disclose fully the risk, and to provide some tools to allow the user to understand what is going out.

With respect to malware that attaches without user intervention, IMO, all outbound traffic ought to be opt in, not opt out by default on OS install, and turning that off ought to be as hard as cancelling AOL (i.e. next to impossible).

I don't have a sig line, sorry.