The Windows machine have no direct access to the internet. Email is fetched by the Linux server and filtered by spamassassin and users access their mailboxes via IMAP and Thunderbird is used as the email client. Internet access is via the squid proxy server and Firefox with IE TAB for some IE only sites. Squid can be configured to allow or deny access to certain sites if you want. No virus detection programs on the Windows boxes. Software may only be installed after aproval. This way the users retain much of their freedom and the Windows boxes their speed. Only had one incident in many years because someone clicked on a 'bad' link on an infected IE only site of our municipality.
Slashdot Mirror
The Windows machine have no direct access to the internet. Email is fetched by the Linux server and filtered by spamassassin and users access their mailboxes via IMAP and Thunderbird is used as the email client. Internet access is via the squid proxy server and Firefox with IE TAB for some IE only sites. Squid can be configured to allow or deny access to certain sites if you want. No virus detection programs on the Windows boxes. Software may only be installed after aproval. This way the users retain much of their freedom and the Windows boxes their speed. Only had one incident in many years because someone clicked on a 'bad' link on an infected IE only site of our municipality.