So, let's take for model Windows + Router : our very goals have been... Protect ourselves from botnets & trojans. Teach Windows to behave not that bossy w/ its hidden activities & annoying updates. 1st of the all, we need to block direct access of Windows to Internet: it can be achieved w/ Router's Firewall (You can block/allow access by mac address + can change mac address of network card(s) in W10/11). 2nd step is, opt web proxy: it can be Router's Proxy / Linux machine in Your local network (for example, Squid proxy is rather good shot) / external VPN (then it takes to opt Router's Firewall additionally). It's obvious that Microsoft can easily bypass such protection, but here has been the juridical catch - they would have shot selves in their own feet, if they would have used trojan-like approaches in so open manner. There been very Law for big corporations... Any controversial/dirty practice must be either well-hidden or non-existed at all. However, som