I ain’t no IT expert but what are some things a vulnerable Windows computer can do?
The users tend to be less tech savvy than Linux users, so they tend to not have adblockers and/or allow arbitrary JavaScript from any page to run and/or they are running trojanized software because the uploader was “trusted”.
Due to market share they are the biggest target.
Untrusted devices should be on an isolated subnet or, if you have the time, only devices that need to talk to each other should be on the same subnet.
In an ecosystem where the solution to every problem is “Download this piece of software someone wrote because the standard Windows utilities are worse than useless and don’t provide this basic functionality”, you can’t really blame the users for running every script they encounter uncritically.
In general, a compromised system may be running any software the attacker might find useful, including, but not limited to:
- keyloggers to find passwords that are in use in the company
- software to copy sensitive files to a remote server
- software to encrypt the system itself or (if the computer has access to other machines on the network) other computers
- produce documents (think, mail) that purport to have been created by the user of the corrupted machine.