I've used every Windows from DOS to 11, but I liked XP SP3 so much for gaming that I used it until December of 2021 on my main machine. I have no firewall or antivirus of any kind on my computer or my router. I've always disabled all of that ever since I got into hardcore gaming many years ago because security and gaming are like water and oil, they just don't get along. I've never been infected with any kind of malware while using this approach, and I also don't use Windows Update after Microsoft revoked user control over it in newer operating systems.
On the flipside, my friends, family, and co-workers have all asked me to fix their computers over the years after they got infected, while using the default settings everywhere, meaning they had multiple firewalls, antivirus, and updates protecting them. Why do they get infected, but I do not? Because the vast majority of security can be handled with a small toolbox and good browsing habits. Here is my basic list of stuff I require to feel secure or else I wouldn't run a machine in a zero-security configuration:
- Browser: pick a good one, Chrome is the best in my testing, but any chromium-based browser will perform well, which is actually most browsers nowadays, as they're all converting over to chromium since it has won the browser wars. All browsers have terrible default settings though which reduce performance and are security hazards. Be sure to disable all the features, such as prefetching, autofill, etcetera. Also, use incognito mode so that you won't stay signed in forever to websites since a lot of people don't actively "sign out" when they're done, or ever clear their cache.
- Adblocker: uBlock Origin is hands-down the best, there's no question. Part of why it works so great is because it actually prevents ads from being downloaded at all, meaning your browsing speeds improve and you can prevent malware too since those connections aren't being established. The internet is also horrible to browse with all the ad clutter everywhere nowadays and so this is becoming mandatory for the web to be usable.
- Vectors: optimizing the operating system greatly helps to eliminate attack vectors. There is so much going on in the background, and all of these are potential backdoors into your machine. Removing components and disabling things with NTLite can greatly improve security by giving attackers less opportunities to work with. This is where viruses tend to become famous, by targeting vulnerabilities in Windows features. You can wait around for Microsoft to patch these, or you can remove/disable these features which solves the problem and frees up resources too. Modern operating systems are actually far less secure than previous ones because the number of attack vectors has skyrocketed over the years (bloat).
- Habits: don't visit shady sites, and only download from reputable places. This is pretty basic stuff, but it's by far where most problems come from, and is way more important than any combination of firewall or antivirus. My mother in-law for example kept getting infected repeatedly and I discovered it was because she was downloading "free" Sims game expansions from random sites, which were infecting her with viruses.
- Minimalism: I view computers as volatile devices (because they are). As such, I don't keep my entire life on my computer, and instead I keep important files elsewhere and only install whatever my computer actually needs. It stays in a minimalistic state at all times. If disaster ever happens, I can plug in the USB stick with my custom Windows, reinstall, and within 2-3 hours I'm back in business. I have a routine to reinstall Windows once every 6 or 12 months depending on how heavy I'm using my PC because that ensures top performance and keeps security tight.
- Updates: instead of using Windows Update, I disable it and at the end of every year when the new version comes out (21H2, 22H2, etcetera) I test it and see if it's worth upgrading to. If it is, then I build a brand new custom Windows using that new version and cleanly install it. This gives you the benefits of having a patched system, but without all the numerous headaches and problems of Microsoft's low quality control nowadays, pushing out bad updates. This approach also releases the excessive computer resources that Windows update consumes.
- Router: at a minimum you need to be behind a router, using NAT (network address translation) to avoid problems in a zero-security configuration, otherwise, connecting your PC straight to a cable or DSL modem will eventually result in malware.
To help prove my point about being able to use a computer without security, many older Windows operating systems had no firewall or antivirus and yet there wasn't a global computer virus pandemic. Yes, this stuff is always being hyped in the news because it's great click-bait for ad revenue, but it's really not as much of a problem as it gets made out to be, as running XP in modern days has shown.