However, if we can't trust Window's explorer.exe, then what makes you think we can trust iexplore.exe (IE 6,7,8) or any other windows process/application that comes with Microsoft Windows?
I think an element of trust needs to be placed at some point. I think for a lot of trusted applications, they call out to the internet simply because they are checking for updates.
Sure, some level of trust is necessary to be on the Internet at all. For example, many bidirectional Internet connections are required between your PC and Microsoft (to check for and apply Windows updates, etc.)
But I’m talking about blocking completely unnecessary communications, particularly ones that are initiated when you perform a local-only task. There is no need for these to occur, except to collect data about one’s private, local activities.
If you don’t mind this sort of thing happening, then that’s fine. For me, it’s about minimizing questionable, unnecessary connections as much as possible. I think that’s entirely reasonable, not “paranoid”, particularly with non-Microsoft things like DVD player software, which comes from a much less monolithic and much less watched-over company than Microsoft. Questionable connections in Microsoft’s code will be found much more quickly, and publicized much more widely, than those in some third-party app like a DVD player. That translates into decreased risk of discovery and publicity, and therefore increased probability, of lower-profile third-party companies doing such shady things.
Also, with regards to whether someone knows what DVD I'm watching etc, I couldn't care less.
As long as you’re watching a fully-legal DVD, then yes there shouldn’t be a problem. But just the same, who wants some DVD player software maker keeping a big database of what you watch and when? If you don’t mind that, then… I suppose it’s fine, for you.
If someone was trying to really spy on you in particular, they would have already broken into your house and bugged your computer or placed a hidden camera in your room etc.
This is ridiculously harder and more dangerous than placing a simple “phone home” in a piece of software, so it’s not too relevant to this discussion. That’s an “all or nothing” mindset… meaning that because theoretically your house can be broken into and hidden cameras set up, etc., then there’s no point in taking simple security measures to limit unnecessary usage data being transmitted from your PC.
It’s kind of like saying that you don’t need to keep simple first-aid supplies in your house, because in theory a giant asteroid could smash into your house and kill you instantly.
The theoretical possibility of incredibly unlikely, extreme and personally-targeted security breaches in no way lessens the value of taking simple and valuable minor security precautions against incredibly common and impersonal “cast a big net” things like “phone home” mass data collection code.
For every case where someone breaks into a house and sets up hidden cameras (targeting one person with extreme effort and risk), there are hundreds of millions of cases that are simply some company looking to build a usage database of their customers, for purposes unknown but probably profit-related (targeting millions of people with very little effort or risk).
It’s comparing incredibly rare apples versus incredibly common oranges.
who knows who is using my computer anyway etc?
It’s very easy to data-mine the database collected over time by the “phone home” code, and easily identify what your specific PC has been doing, particularly if the “phone home” data contains a unique product serial number (as it probably would), so that dynamic things like DHCP-assigned, variable IP addresses do not have to be relied on. So they’d know what YOUR PC was doing, for sure.
Do they know WHO was sitting in front of your PC? No, but I sure as heck don’t even want them knowing what MY PC was doing, REGARDLESS of who was using it… particularly when such “no legitimate reason for the connection” connections are so very easy to block with a software firewall.
And once more, if you were actually targeted specifically, (by the FBI or criminals etc) they would have already broken into your house etc.
Again, orders of magnitude harder and more risky and serious than using simple “phone home” code in a product. I’m talking about simple data collection for someone to data-mine later, not the NSA and KGB breaking into your house!
Also, if you are that paranoid, how do you know if your Antivirus isn't sending out information about your computer etc whenever you update it?
Sure, various apps could be sending arbitrary information during their auto-updates. But you’re looking at this in “black or white”, “perfection or nothing” terms. Connections with an obvious legitimate use (antivirus definition updates, Windows updates, etc.) are far less suspect than connections made for no good reason at all, right when you perform a LOCAL-ONLY action. Those are the ones that are much more suspicious.
I think blocking those is a good step to take. We can’t have perfect security, but I’ll take improved security over no security any day.
Just my opinion, of course.