Re: Windows firewall
By default, the windows firewall only blocks incoming connections.
Normally this covers most contingencies, but if you inadvertently get the wrong malware, it's free to send stuff out, "phone home", & etc.
If you turn on outgoing protection, it will block everything including your browser, e-mail client, and updates to other software, unless you make a "rule" for each program you wish to allow. You actually need to make a list of programs that need internet access, and make a rule for each one.
Some would argue that outbound protection is like closing the door after the burglar gets in, others prefer the extra level of security.
Many third party firewalls, make the rule making much easier. For instance "ZoneAlarm" asks you whether or not to allow access when a program tries to access the internet, and gives you the option of allowing it once, or always allowing it. One "mouse-click" per program, is a lot less tedious than figuring out which ones need access, and making a "rule" for each one.
Unfortunately, a lot of freeware comes with a catch. If you're not extremely careful, you may get a toolbar, or some adware that you don't want (PUPs).
Personally:
I used ZoneAlarm free from (about) 1998 to 2014. Avoiding the "PUPs" became routine. Then recently, after a Microsoft update, I started getting occasional BSOD crashes, that I found to be related to ZoneAlarm. I switched to the Windows Firewall...... The crashes stopped....
BUT:
I've made the "list", but haven't yet taken the time to make the "rules". For the time being, I only have incoming protection.