
Good firewalls should always block unwanted traffic whether it's inbound or outbound. This is not anything new, but you're right that most people trust the devices they own. Not anymore.



Good luck making that easy for the end-user to configure.


I think this is something of a chicken and egg problem. The basic firewall UI is allow <computer> to use <port> for <incoming|outgoing>. This interface can be made very easy to use. The problem is that if this was the default then programs would simply not work, and users would not know why.

However, if it became standard, then programs would tell users to check their firewall, and can even tell users the information that they need to fill into the firewall (eg. name of computer, port, ...).

Conceivably, you could define a protocol for devices to request an opening. This protocol could include a way of sending the password.


We have to assume that our lives are public; and that we have no secrets from those who want to get them the most (i.e. bad actors). We are vulnerable and weak, and had better get used to the idea that we can be f*cked over at will by whosoever takes a fancy to the idea.


Yep you've basically refuted the idea of personal security due to a vague insinuation of how "most people" trust their electronics. Or did you have anything constructive to add?


Sorry, I should have said:

"Historically it's been very difficult to make detailed firewall configuration user-friendly. As a result, we've lived with the simplistic compromise of 'allow outgoing connections, don't allow incoming connections'. It seems like it's going to require some incredible new firewall configuration interface if we hope to make it possible for the ordinary clueless computer user to properly configure outgoing firewall rules."


I want to try an experiment that goes like this:

1. Block all network traffic, inbound and outbound.

2. When I decide that I need a specific network resource, enable it in a whitelist (i.e. enable traffic to/from news.ycombinator.com on port 80)

I wonder what that Internet would look like.


RFC 3514 makes this easy:

http://www.ietf.org/rfc/rfc3514.txt


They'll just switch to port 80. No one is going to be willing to block that outgoing.


You know firewalls work based on port AND host, right? Block all connections coming from the TV.
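The experiment proposed a few comments up (block everything, then whitelist one host and port at a time) and the "port AND host" reply above both describe the same thing: a default-deny ruleset with a small outbound allowlist and a per-device block. The following script is an added example, not code from anyone in this thread; it generates an nftables ruleset for a home router doing exactly that. The address 203.0.113.10 standing in for news.ycombinator.com, the LAN address 192.168.1.50 for the TV and the resolver 192.168.1.1 are all constructed for illustration. Hostnames have to be turned into addresses before they go into the set, which is why the ruleset also has to let DNS out; a whitelist keyed on names alone is not something a packet filter can enforce.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset that drops all traffic by default,
# allows outbound connections only to listed ip:port pairs, and drops every
# packet from one LAN device. Nothing here touches the live firewall unless
# apply_ruleset is called explicitly.

# gen_ruleset "<ip:port ...>" "<blocked source ip>" "<dns server ip>"
# Entries without a colon are skipped with a warning rather than silently
# opening the wrong thing.
gen_ruleset() {
    allow_list=$1
    block_src=$2
    dns_server=$3
    elems=""
    for entry in $allow_list; do
        case $entry in
            *:*) ;;
            *) echo "gen_ruleset: skipping malformed entry '$entry'" >&2; continue ;;
        esac
        addr=${entry%:*}
        port=${entry##*:}
        # Concatenated set element: address . port
        elems="${elems}${elems:+, }${addr} . ${port}"
    done
    cat <<EOF
table inet experiment {
    set allow_out {
        type ipv4_addr . inet_service
        elements = { $elems }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ip saddr $block_src drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ip saddr $block_src drop
        ip daddr $dns_server udp dport 53 accept
        ip daddr . tcp dport @allow_out accept
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif lo accept
        ct state established,related accept
        ip daddr $dns_server udp dport 53 accept
        ip daddr . tcp dport @allow_out accept
    }
}
EOF
}

# Load the generated ruleset into the kernel (requires root and nft).
apply_ruleset() {
    command -v nft >/dev/null 2>&1 || { echo "nft not installed" >&2; return 1; }
    gen_ruleset "$@" | nft -f -
}

# Constructed inputs: a stand-in address for news.ycombinator.com on 80 and
# 443, the hypothetical TV at 192.168.1.50, and the router as resolver.
gen_ruleset "203.0.113.10:80 203.0.113.10:443" "192.168.1.50" "192.168.1.1"
```

Because the return path is covered by `ct state established,related`, only the first packet of each connection is judged against the set, so adding a new site is one `nft add element inet experiment allow_out { addr . port }` rather than a reload. The forward chain is what actually constrains the TV: a device that moves its traffic to port 80 still only reaches addresses in the set, and a device dropped by source address reaches nothing.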


If you have a smart TV you probably want to browse the web on it.

