Re: There are other solutions @Lee dowling
I have a Steam account full of games. Over 500 at the last count. I play a lot of CS and similar games with "cheat prevention". Hell, I still technically use IRC occasionally for file transfer and all sorts. I've been gaming since DOS and once gamed over a network formed by a special DOS packet driver and some parallel and serial cables daisy-chaining machines together.
My household is also not just me. Hell, half the time I'm gaming with someone else in the same house (my girlfriend and I often play on a remote server of mine - we both come from the same IP in that case to the exact same server but simple NAT means you will ALWAYS come from a different port - the server detects it the same as every game on the planet does - problem solved without lifting a finger or even noticing), on the same connection, who hasn't "tweaked" their machine at all (but I'm in control of the router which has ZERO UPnP options enabled and port-forwards only for things I need it for, not single applications - and certainly not games - running on my laptop). You can torrent from N machines simultaneously, for any number of N (may not be as fast as if I opened every port, but it works just the same). Hell, my girlfriend is never off Skype to her parents who also use Skype, from an Italian house with a router that doesn't even support UPnP (it predates anything like that). I haven't got any special setup - a cheap cable modem (used to be an ADSL router before that, but same thing applied there) with UPnP turned off, a software firewall on the machine in default settings (so yet-another-thing that gets in the way of port-forwards of UPnP doing its job anyway) and NOTHING plugged into programs about port-forwarding or anything else.
The wireless in the house covers not just PC's and laptops but game consoles too, and even CCTV (which, admittedly, does have a single port-forward so I can access it remotely from my phone but also does NOT support UPnP anyway!). None of them have problems download, updating, streaming, or playing online (the only "problem" is sheer bandwidth if we're all watching iPlayer and doing things at the same time).
I don't expect the lay-person to sort ANYTHING. There is nothing to sort. Everything works, unless you're running a SERVER. That's the only reason to have exposed ports. And if you're running a server, and exposed to the Internet, you should damn well know what you're forwarding and where and control it. But UPnP fixes this "problem" that you describe by letting ANY program on ANY computer on your network as ANY user to open ports to point at whatever they like, without anything in the way of decent authentication. It's literally a handful of lines to expose your port 139/445 on your laptop to the world as, say, 11139/11445 and then tell someone about it. For every legitimate program that "benefits" (i.e. the programmers can be lazy in implementation and lessen the cost of running a single external "connection handler" server), there are a million that will abuse it.
I don't even use IPv6 yet because I refuse to abandon the NAT that provides this arrangement (and hence gives the need for port-forwarding and UPnP) BY DEFAULT. IPv6 supporters have something against NAT and won't support it, and though I'm all IPv6-ready and working, there's nothing I'll do about it until I can just translate the external address into an internal NAT'd address and thereby DELIBERATELY blocking internal services from being made external without my express knowledge. Because NAT'ing just causes me that few problems and solves that many that I won't do without it.
Disable UPnP. Go do it now. Any problems you have will still be there, and you're unlikely to notice any difference. The worst that happens is you won't get as many incoming connections on a torrent swarm, but to be honest, the torrent protocol handles this wonderfully by getting others to act as intermediaries (sound familiar to running an external server?) and after a while you'll be at full-whack anyway.
But, even if you're telling the truth, if your programs are that crappy that they can't detect two different users on the same IP but from different ports (and most of the "cheat prevention" things you mention are actually to stop ghosting so they are working EXACTLY as designed if they rely on one IP = all the same house, for instance), or can't knock their way out of a NAT'd network like just about every home broadband user on the planet has, then they really need to take a course in simple networking.