This isn't really the place
This isn't really the place. We've hijacked the poor OP's discussion, and this particular dead horse was sent off to the glue factory ages ago.
When you start to learn a bit more about computer security, you start to see that the outbound filtering has questionable value at best. To borrow from economics, outbound filtering is well past the point of diminishing return, almost to where the curve flattens out. There is still that marginal value, but efforts would very likely be better spent on some other area.
So, I think we can leave it at we have a difference of opinion. You prefer a reactive solution, dealing with problems after they've already happened. I prefer a proactive solution, preventing those problems from even happening. If mopping up after malware is your idea of a good time, then by all means knock yourself out; there are far worse ways to spend your idle time. For those of us who prefer to spend our time in other ways, we will prevent as many problems as possible, then deal with the few that slip through the net as they come up. I do not deal in magic bullet solutions like outbound filtering. As far as I'm concerned, once malware is on a system, your security setup has proven to be a failure. Outbound filtering might help massage a bruised ego, but it doesn't really offer much of value in the way of security after a breach has happened.
In any case, I'll give you the last word if you want it, because I do not plan to derail this discussion any more than it already has been. I've also had my fill of false-bravado from people trying to feign understanding of things they have only barely scratched the surface of. For my part, I don't claim to be that much further along. I'm sure if someone were a security professional, they could take us both to task in any number of ways.