
> Disconnect untrusted computers from the internet.

Disconnect billions of devices? How would you even enforce this?

> I would be willing to bet any amount of money that just disconnecting all Windows computers from the internet, i.e., no direct connection, would result in a dramatic drop in security problems.

Not really sure I understand your point here. Why stop at just Windows? If we remove all computers from the internet we would be so much more secure.

I'm also not sure why you single out Windows when even the blog post demonstrates this key logger in Linux (which is open source).

> There was a time when not all computers had unfettered direct access to the internet. They worked just fine. Maybe even better than ones today that are incessantly trying to connect to some server.

I hope this is a troll rather than someone honestly believing such a statement. You're claiming disconnected computers are perhaps better... while writing on one connected to the internet.




"disconnecting all Windows computers from the internet, i.e., no direct connection, would result in a dramatic drop in security problems."

And jailing the entire population of a country would reduce car accidents!


> while writing on one connected to the internet.

I think you’re missing part of their point (which isn’t super clear). You can still surf on such a computer, by going through an HTTP proxy on the same LAN (the “gateway” they’re talking about, or bastion host).

They could very much be writing that comment on such a machine.


This is the idea.

Amazing how people can (mis)interpret (unclear) comments as if they were crystal clear. They make assumptions. They read things in that are not there. It is truly entertaining. I never mentioned Linux. I never mentioned "desktop". Nor did I suggest Windows users would not be able to access the internet. Nor did I suggest the computer with IP forwarding enabled (call it what you like) needs to do everything a "firewall" does.

Indeed, I am writing this comment on such a computer that runs a proxy for all the other computers. That's only because I like to experiment with different proxy configs.


So they are saying to use a firewall...


More specifically, that the host should not route public IP space but use a proxy for any outbound connection (and a load balancer/reverse proxy for any incoming).

Every org is different of course but in general I agree that this should be a more common pattern.
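
One way to check a host against the pattern described in the comment above (no route to public IP space, outbound traffic only via a proxy), as an added example that is not part of the thread: it scans `ip -4 route show` output for routes that cover non-private address space. The function name and both sample route tables are constructed for illustration.

```python
import ipaddress

# Space a proxy-only host may route directly: RFC 1918, loopback, link-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Route types that drop traffic instead of forwarding it.
DROP_TYPES = {"blackhole", "unreachable", "prohibit", "throw"}

def public_routes(route_table: str) -> list[str]:
    """Return destinations in `ip -4 route show` text that reach public space."""
    findings = []
    for line in route_table.splitlines():
        fields = line.split()
        if not fields or fields[0] in DROP_TYPES:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a destination prefix; ignore the line
        # Anything not fully inside internal space means the host itself
        # can forward packets toward public addresses.
        if not any(net.subnet_of(internal) for internal in INTERNAL):
            findings.append(str(net))
    return findings

# Constructed sample: host with a direct default route.
DIRECT_HOST = """\
default via 203.0.113.1 dev eth0 proto dhcp metric 100
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.25
"""

# Constructed sample: host that only reaches the LAN (where the proxy lives).
PROXIED_HOST = """\
10.20.0.0/24 dev eth0 proto kernel scope link src 10.20.0.15
10.0.0.0/8 via 10.20.0.1 dev eth0
blackhole default
"""

if __name__ == "__main__":
    for name, table in (("direct", DIRECT_HOST), ("proxied", PROXIED_HOST)):
        print(name, public_routes(table) or "no public routes")
```

A default route through a private gateway is still reported, since the host can then reach public addresses through that gateway without using the proxy.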



