OK, they can track outbound connections of programs that allow the PFW to control them. But what about all the others? Using a PFW is like having a police force that is only capable of arresting criminals who show up in their office and tell them what they've just done.
Information is power if and only if you have the entire information. But this is exactly what you won't get from a PFW.
As an example, Volker Birk has published a PoC to show how you can easily fool PFWs. His source code is available at And yes, that obviously works with any PFW. A similar PoC for ZA is available at So seeing all these nice alerts a PFW generates will give you a cosy feeling of being safe while this one piece of software that it didn't detect is just busy tunnelling your personal data to a remote server using your trusted browser of choice.
Why would you want to do that? On an uncompromised system you will only have outbound connections that you initiated. Why monitor them? If you have unwanted outbound connections then your system is compromised and you cannot trust any piece of software running on it.
Sorry, I am not a programmer. Others can certainly do better on that than I. But it is pretty obvious that a piece of software running with admin privileges can alter all settings of the OS or any applications without notifying the user. As a very common example, Windows Update does this all the time.