Computer networks

FireWall and exclusive network access method?

I am not a person who has ever seriously wondered about network security. Put antivirus and calm. I think a lot of people do this.
However, quite recently, I fully realized from my own experience that one antivirus is not enough. Moreover, often even the presence of a head does not save one from some malicious debris - the situations are completely different.
The most interesting thing is that in the event of a system infection, it often does not make sense to clean it, poke around in registries, system files, etc., because now you can rarely run into an infection that is limited to prescribing itself only in the registry or startup - usually things are much more serious. For example, after an invasion and a complete manual cleaning, half of dozens of functions still fell off (search, store, grove, and even the notorious firewall died).
That is why I had the idea to block absolutely all incoming and outgoing connections in the firewall, leaving access only to what I use (browser, file share, etc.)
This is the question - is this a good practice? How much will it increase the security of the system?
Antiviruses, sandboxes, firewalls, what other technical methods exist to minimize the risk of infection?
At one time I used Linux distros, compiled gents and archies and was pleased that I didn’t have to worry about it at all, that even out of the box, without any effort on the part of the user, everything already works, and that you need to try very hard, to do something malicious.
Is it possible to get the same feeling (or at least a closer) feeling of comfort and safety on ordinary windows?