Comment by ryandrake
15 hours ago
You basically have to treat all components of Windows as malware. Your personal threat model needs to include Microsoft as an attacker.
15 hours ago
You basically have to treat all components of Windows as malware. Your personal threat model needs to include Microsoft as an attacker.
At this point, I would agree. Microsoft Windows is now banned from my network.
Microsoft's threat model seems to include the user as an attacker, so that's fair.
I have a Windows VM with net access (through a consumer VPN) that I install software in, make sure it's all up to date and whatnot. To do any real work I then take a snapshot and run it on its own VLAN with the only reachable thing being my own samba server.
This is the way.