[usr1106]

It's not Microsoft that should wall off the operating system. It's banks, airlines, health care providers that should not use Windows the way they currently do.

No employee there needs the possibility to install any software themselves. Without the possibility to install software you don't need anti-virus software. These systems should just run immutable images, in A/B deployment, just in case the new image is broken.

Of course that does solve the supply chain security. How do you make sure that the images contain know malware? But the problem does not not need to be addressed on millions of machines with millions of employees. It gets reduced to thousands.

[xqt40]

Your suggestion simply shows that you have no understanding of how things work. Terminals already does not allow users to install anything. As for rest of workstations and work laptops - users already don't install anything on them. The issue with Crowdstrike is not with users but with service that is maintaing these computers. A very frightening thing that all those companies are dependant on the f*ck off of their service provider and it costs them all their business.

No viruses need installation - in fact it would be easiest thing if viruses were listed among installed programms. Are yiu representing your whole generation or you are only one such strange person?

Also your suggestion os outdated by at least 60 years as it assumes that hardware that has no software update capabilities can't be hacked...

[wpm]

Presumably, these employees probably need email, web access, and file sharing.

There you go. Those are your threat vectors now.