Anti-virus aren't really that needed nowadays. I don't know if the security protocols of windows got better or the virus folks lost interest but we haven't seen any dangerous stuff for basically a decade.
Malware, on the other hand, are very common, but you can 100% avoid them not clicking on wrong stuff. Chose your ~mature content~ websites wisely. In any case if you get infected Malware Bytes is the best resource
Other kinds of attacks are very personal and to be infected you must be personally targeted by someone. In these cases there's not much to be done besides firewall and router ports but I wouldn't give myself the trouble. If a smart guy targets you you're pretty much fucked. But chances are rather slim. Usually high profile targets are the ones in risk. Besides, setting up strict firewalls and router blocks can screw connectivity on games and other p2p stuff.
I only run Windows Defender because it's a hassle to deactivate it anyway and I'll do a malware scan yearly but I'm almost every time totally clean.
However, my bother's and father's notebooks are a nightmare
Took me 4 hours to completely purge my brother's notebook full of malware. Probably infected on those pirate online streaming series and movies websites and downloading scammy software crap (like "audio enhancers" and "performance boosters")