Patent attributes
A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. When malware is received by the isolated computing environment, the internal isolation firewall may be configured to prevent the malware from accessing data on the workspace of the host computer system. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from exfiltrating, to a network destination, data from the host computer system and data from other devices on the network.