[lmm]

Conclusion does not follow from premise. Once an attacker's code is running on machines that have access to sensitive data, you've already lost - there's no way to prevent it smuggling the data out in legitimate-looking requests. The right way is to stop the bad stuff getting in in the first place.

[ent]

Not all attacks are perfect. It's true that an attacker can potentially do anything once in control of machines with sensitive data, but it doesn't mean that all hope is lost. If an intrusion detection system catches some x% of potential threats, it can easily be worth it.

[vpeters25]

The goal is to slow them down, put as many barriers as possible allowing higher chances of detecting them. Intercepting and blocking known "phone home" messages is one way to slow them down.