Comment by ryandrake
3 months ago
You basically have to treat all components of Windows as malware. Your personal threat model needs to include Microsoft as an attacker.
3 months ago
You basically have to treat all components of Windows as malware. Your personal threat model needs to include Microsoft as an attacker.
At this point, I would agree. Microsoft Windows is now banned from my network.
Microsoft's threat model seems to include the user as an attacker, so that's fair.
I have a Windows VM with net access (through a consumer VPN) that I install software in, make sure it's all up to date and whatnot. To do any real work I then take a snapshot and run it on its own VLAN with the only reachable thing being my own samba server.
This is the way.