| Newsgroup: | comp.security.firewalls |
| Subject: | Re: Zonealarm System Error: Please Reboot |
| Posted by: | "Joshua Reed" (joshua.re..@gmail.com) |
| Date: | 5 Mar 2006 13:47:54 |
Wow, that's a lot of vitriol.
So, "all ports 'running'" is clearly a colloquialism. By that I of
course mean all the *default* ports on a Windows system, particularly
the most common targets like tcp 445 and 135. Without disabling
sharing, NBT, UPnP, Term Svcs, and the like, there are a lot of services
running, listening, waiting for connections, for credential guessing.
Now, as for what a FW has to do with browser settings and what sites
one visits, the connection should be obvious to anyone who cares to
think before composing invectives. The connection between the two is
indirect, but well-known nonetheless. The average user with insecure
browser settings in IE, who visits certain sites, is actually using the
number one vector for remote exploit, the IE browser. So, once the
browser allows something to be installed on the system or remotely
exploits something in the browser that allows the system to be
controlled, a bidirectional firewall would actually alert such a user
that outbound connections are being made, connections that they
wouldn't otherwise be aware of with an inbound-only packet filter.
Basically, it gives them a heads-up, potentially, that there's a piece
of software on their machine making outbound connections. This could be
a rootkit, this could be a trojan that was installed from an e-mail
attachment and is sending a password list out...
While it's not often a *preventative* measure, it's certainly an
important *detective* measure.
Learn first, flame second...
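
The two checks the post describes, default services left listening and outbound connections the user did not expect, as an added example that is not part of the original post. The `netstat -ano` sample, the PIDs, and the PID allow-list are constructed assumptions; the port numbers are the well-known assignments for the services named above.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from the original post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1040
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1061      203.0.113.7:80         ESTABLISHED     2280
  TCP    192.168.1.20:1077      198.51.100.9:6667      ESTABLISHED     3344
  TCP    192.168.1.20:1080      192.168.1.1:8080       ESTABLISHED     1500
  UDP    0.0.0.0:1900           *:*                                    1188
"""

# Well-known ports of the default services the post names.
DEFAULT_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session (NBT)",
                 445: "SMB (file sharing)", 3389: "Terminal Services"}
# Destinations treated as local: loopback plus the RFC 1918 ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, blank lines, and UDP rows (which have no State)
        (lip, lport), (rip, rport) = f[1].rsplit(":", 1), f[2].rsplit(":", 1)
        yield (ipaddress.ip_address(lip.strip("[]")), int(lport),
               ipaddress.ip_address(rip.strip("[]")), int(rport), f[3], int(f[4]))

def exposed_listeners(text):
    """Default services listening on a non-loopback address."""
    return [(port, DEFAULT_PORTS[port], pid)
            for lip, port, _, _, state, pid in parse(text)
            if state == "LISTENING" and port in DEFAULT_PORTS and not lip.is_loopback]

def unexpected_outbound(text, allowed_pids):
    """Locally initiated connections to non-local hosts from PIDs not on the allow-list."""
    rows = list(parse(text))
    serving = {lport for _, lport, _, _, state, _ in rows if state == "LISTENING"}
    return [(pid, str(rip), rport)
            for _, lport, rip, rport, state, pid in rows
            if state == "ESTABLISHED" and lport not in serving
            and pid not in allowed_pids
            and not any(rip in net for net in LOCAL_NETS)]

if __name__ == "__main__":
    print(exposed_listeners(SAMPLE))
    print(unexpected_outbound(SAMPLE, allowed_pids={2280}))
```

An inbound-only packet filter addresses only the first list; the second is the visibility an outbound-aware firewall adds, which is the detective role described above.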