My desktop computer was loaded with XP when it came out, & is still running it. I mainly use my laptop nowadays but the desktop machine still runs 24/7 for my confidential stuff. Yes, it is connected at all times.
In all these years, I have been infected just twice... one of them was ransomware. Once I discovered the infection, it took me only 45 minutes to TOTALLY get rid of the nasty stuff.
Here is the light-as-a-feather security set-up I use.....
1) First and foremost I image my system drive, using Acronis, once weekly --- PLUS I also image just before I will install a big, complex app. I image onto removable drives. I kill my connection just before turning on the external drive, then do the image, then turn off the external drive before re-connecting to the net. I keep all my images & when the drive gets crowded, it's FIFO... delete the oldest image to make room for the newest.
==> When I was infected, I installed a clean image and - poof! - all was copacetic once more.
2) With imaging as my security linchpin, I need other security primarily for the DETECTION of an infection instead of its PREVENTION. Prevention mandates security apps running real time all the time. Detection apps need run only on-demand.
a) So I run Avast Free, but I have deactivated all of its real-time components... its GUI makes it easy to do that. So I use Avast only for on-demand scans of every download.
b) Secondly, I use adinf.com's file integrity checker. It is a PITA, however, so you might not want to use it unless your job depends on a secure computer. An integrity checker makes highly secure hashes & then tells you if even 1 bit gets changed... added, deleted, or modified.
And that is all. I usually image right at bedtime so, when I wake up the next day, it's done.
PFW is a powerful FW and ALSO does behavior blocking, plus learns your "habits" when you use your computer (you set it by doing files>settings>advanced). Then you tell it how long to train itself, & how big a deviation from norm should trigger it to alert you. It is kind of chatty for a while, then it gets really quiet. In that respect, PFW is like when you cross a lion with a parrot... I don't know what you should call its child, but when it talks you jolly well better listen. The same is true of PFW, once it ages a few weeks & learns how you work, you better listen when it alerts.
=> If strong security is needed for your peace of mind, PFW is the way to go. NOTE: Comodo is another FW that includes a powerful behavior blocker, but it does not monitor your habits as PFW does.