I remember before the internet bookshelves groaning under the weight of data books and/or laterly cd's all a bygone age now ...
It's precisely because I've known since the Internet began that networks and PC hardware are not and never will be secure and trustworthy, that I kept all my old paper media. Recent revelations of ridiculous holes (and deliberate backdoors) at all system levels do not surprise me at all.
Back in the 2000s a friend of mine & I got our hands on a Pentium 1 hardware emulator. Plugged it into a standard PC and had a look. The damned PC was spending about 20% of it's CPU cycles running SMM code. (System Management Mode, effectively a separate CPU space with total access to everything.) SMM execution is *completely* invisible to all user, OS software and debuggers. We cut the NMI trace on the motherboard that was regularly throwing the CPU into SMM mode. No more SMM execution. The PC worked exactly as normal. Not a thing different that we could find.
All righty... what was all that SMM code doing? We didn't have a SMM disassembler, or time to pursue it further. But it makes one suspicious.
Then later we got hold of sets of Intel Yellow books, and learned the story behind those. In which NO ONE can design a working Pentium motherboard, without Intel having first vetted their entire design and approved of it. There are critical errors and omissions in the public Intel CPU data books, that make it impossible to design a working system. When your indie design doesn't work you go to Intel for assistance. They analyze your design, and if they like you and what you are doing, you get the yellow books (after your company signs an extremely serious NDA.) Those contain the *real* info.
And there is a deeper-secret-yet set of books, called the Intel Gray Books. Only major manufacturers can get those.
Guess I have sidestepped some of these issues by using older hardware and software (XP) but seriously beginning to consider Linux...........
Switching OS won't make any difference to security at all. The IME (Intel Management Engine) in all recent Intel CPUs is an always-on fully independent system, with it's own entire OS and networking capabilities, and total top-level access to the entire machine. It supposedly runs a version of Minix, of all things. There are also rumors that all Intel CPUs since um... 'Sandy Bridge' from memory, have an entire secret GSM modem built into the silicon. It would not surprise me at all if that's true.
The only way to fix this situation, is to take about 10% of the top management of Intel and Microsoft, and kill them. Give the companies 30 days to open source the entire platform and a year to remove all the spying bullshit, on pain of the next 10% getting the same treatment. And so on.