This is probably bad advice, but here goes.
My laptop crashed the other week, I had to reinstall Windows Vista Home Basic. It was supplied with the laptop.
So now it's like brand new machine. I installed service patch 1 and 2.
These came out within a couple of years of Vista being launched. I have them stored on disk.
I've turned off Windows Updates. I don't want anymore Microsoft crap on my laptop. I don't want to sit for ages waiting for updates.
I have a virus checker running, I'm careful with my internet browsing, I'm extra careful with email attachments.
I don't go trawling the net looking for copyright films, songs, or porn. (Very often LOL)
I keep a back up of all my files, sadly this failed recently, but that's another story.
Every couple of years I do a fresh install of Windows again.
I've done this since my first decent laptop running Win95 in 2000.
I've never had an account, FB, Ebay etc hacked. Never had a debit or credit card problem.
I once got a virus that wiped my laptop, in 2001. It was in a video that Our_Lass's son sent me in an email.
That's how I learn't to never trust anything from anybody. He'd sent it quite unaware it was infected.
I presume Microsoft must have a continuing commitment to show they are doing their best to stop people from having their customers systems hacked. Personally, I'll risk it, and not blame MS if owt goes wrong. They'd never accept responsibility anyway