I give up. Well, no, not really.
Outbound filters are useful. Just not for security.
As far as malware getting "tripped up" by an outbound filter, have you ever seen a prompt from one of these firewalls? They are completely useless to almost everyone (including power users). They make all kinds of assumptions (because they can't determine intent), and they usually default to the "allow this connection and all connections from this process on all ports and stop bugging me" option. I wonder what the user is going to click on?
Also, a lot of malware does something seemingly normal to trick people into configuring their firewall for it. For example, dancing_pigs.exe makes a connection to a DNS server. Hey that sounds like something I should allow (DNS is good right? Or, does your mom even know what DNS is?) and besides, the box is defaulting to the option to allow this and all connections from dancing_pigs.exe. Sweet! So by clicking this, the user never sees the second dialog that would show what dancing_pigs was really trying to do.
These aren't super clever or complex tactics. These are things that malware do *today* all the time. Given the market penetration these outbound filtering products have (can you buy a computer without a security suite on it?), doesn't it make you wonder why malware is still a huge and growing problem?
Your police officer analogy makes no sense. A bulletproof vest is more analogous to inbound filtering. The fact that he could still get shot in the head is analogous to the fact that the user could still click on something stupid (dancing_pigs.exe) and own themselves. But that doesn't make the bulletproof vest (inbound filtering firewall) a bad idea.
I can't say this enough: the goal is to protect your computer from getting owned in the first place, not to protect something that is already owned!