top | item 6535134

mrpdaemon | 12 years ago

What about isolation? With heavy use of virtualization one can make the air gapped machine even more secure:

- Only open documents in a virtual machine
- Only interface with the document transfer media (cd/dvd etc.) through virtual machines. Don't ever mount or use this media on your host.
- Clone a new throw-away virtual machine for opening EACH document and delete it after reading the document

About his points:

1) This is nonsense. It's possible to set up an OS (for example Linux) with zero internet connectivity: just download the ISO on another computer, verify checksums and signatures, burn onto optical media and you're set.

8) Also, use one-time media. Write once on the internet host, fill up and finalize media, read once on the air gap host, destroy media.

Also, I don't think Schneier is recommending to use Windows for this task. He's just assuming that most people out there are using Windows and can use these tips to improve their security. For his own high security setup(s) I'm pretty sure he'd have the common sense to not use Windows.

No comments yet.
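An added example, not part of the comment above: a fail-closed check of a downloaded image against a coreutils-style SHA256SUMS manifest, the "verify checksums" step before burning. The file names and helper names are hypothetical, the ISO is a constructed stand-in, and the manifest's own signature is assumed to have been verified separately (for example with `gpg --verify`), since a checksum only proves the file matches the manifest.

```python
import hashlib, hmac, os, tempfile

HEX = set("0123456789abcdef")

def parse_manifest(text):
    """Parse 'HEX  name' / 'HEX *name' lines into {name: hex}; reject anything odd."""
    entries = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        digest, rest = raw[:64].lower(), raw[64:]
        if (len(digest) != 64 or set(digest) - HEX or rest[:1] != " "
                or rest[1:2] not in (" ", "*") or not rest[2:]):
            raise ValueError(f"malformed manifest line: {raw!r}")
        if entries.setdefault(rest[2:], digest) != digest:
            raise ValueError(f"conflicting digests for {rest[2:]!r}")
    return entries

def sha256_file(path, chunk=1 << 20):
    """Stream the file so a multi-gigabyte ISO is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, manifest_text):
    """True only if the file's basename is listed and its digest matches."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return False  # fail closed: an unlisted file is never accepted
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    """Constructed data: returns (intact, modified, unlisted) results."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "distro.iso")  # hypothetical name
        with open(iso, "wb") as f:
            f.write(b"constructed stand-in for an ISO image\n")
        manifest = f"{sha256_file(iso)} *distro.iso\n"
        intact = verify(iso, manifest)
        with open(iso, "ab") as f:
            f.write(b"\x00")  # simulate corruption or modification in transit
        modified = verify(iso, manifest)
        unlisted = verify(os.path.join(d, "other.iso"), manifest)
    return intact, modified, unlisted

if __name__ == "__main__":
    print(demo())
```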