Unfortunately the bad guys are winning right now, using SSL over port 443 (which is almost always open) to connect to the mothership (the bad guys' HQ networks).
I work with a number of DPI / NG firewalls and WAF, IDP, and reputation/category filters etc. for big companies.
For home users/small businesses, IT education and awareness are more important than all the firewalls and antivirus/malware programs in the world, even if they do help out.
The cheapest way of getting out of trouble for a small company is to use an appliance firewall with proxy and DPI, with reputation/category filters, and locked-down PCs with good antivirus/antimalware programs.
The best way of protecting a website is to use a WAF; they are incredibly expensive and manpower hungry though.