alt Hacker NewsRecently I got tired of having random changes occur to a Windows installation I use for one purpose: running X-plane. I took the drastic measure of disabling both inbound and outbound network access in Windows firewall by default and turning off most of the pre-installed rules. Then, I allowed outbound access from the things that really need it. Spurious network traffic dropped to zero and surprises are gone. If I cared more, I'd explore profiles for enabling only useful network activity in more situations, but this has been really good for my use case.
X-Plane runs on Linux but my simulator devices do not work as well. So I keep Linux for work, Windows for flight.
I think nowadays the only safe and sane way is running Windows isolated as a VM (e.g. QEMU on proxmox). I did this with my gaming server. The VM sits on ZFS which I can snapshot before any Microsoft stuff happens, to revert any action. I can cut off the network card virtually and shutdown the guest whenever I get tired of it. I could even disguise the CPU/QEMU config, so that the anti-cheat from Star Citizen didn't recognize it was running in a virtualized environment. Pair this with Moonlight+Sunshine and you can game without issues on any remote client. Why I prefer Windows for gaming? It is just (still) the default and provides the least barrier and setup effort for most games.