As a power user, I have had all incoming and outgoing SMB ports blocked on my firewall for at least 10 years now. Who knows what else might come along that might exploit some other vulnerability that may or may not be blocked by my firewall. Fortunately, I have never gotten a virus in my 20+ years of internet use.
However, since the Windows 10 update that was released in July of '16, I have disabled updates on my HTPC. Perhaps there will be those in this thread who will jump all over me for that, however, every time I have tried to update my HTPC since July of last year, something has broken that I use and consider essential that it functions every time I use that PC. Before anyone jumps on me for disabling updates, search for things like "Windows 10 black screen" (a particularly nasty one which a co-worker and I experienced) or "Windows 10 update breaks WiFi". Solutions for many of the issues do not exist, and going to Microsoft's support site is almost worthless when the supposed experts almost always respond with inane responses that often amount to "Is your computer on?"
Everyone may not realize this, however, Windows 10 updates are riddled with bugs, some of which are serious enough to make a PC completely unusable, and it appears to be random as to whether or not your particular configuration of hardware and software will be impacted when a 10 update is applied. I simply do not want to spend the time to test an update, and ensure that it works when I apply it. That is supposed to be the job of Microsoft. Fortunately, I disk image before I attempt an update, so reverting is not that much of a time consumer; however, the update itself usually is a big time consumer.
So there is a tough choice here. Apply a 10 update, and potentially end up with a computer that is completely unusable, or apply the update and be safe from potential vulnerabilities if you are lucky enough not to encounter a bug in the update that breaks the PC.
To me, if an update renders a PC unusable, then the update is much worse than a virus. I started with Win 3.1, and as I see it, 10 updates have been as bad as NT updates which could almost always be counted on to blue screen any PC on which they were installed. As I see it, Microsoft needs to stop pushing out Windows 10 updates that break either the entire computer or any subsystem that may be in use.
If Microsoft had wanted to, they could have their own people testing all the OS releases for vulnerabilities, and, as I see it (since they did not) they now want to pass the buck to the NSA for the release of this vulnerability. I realize that testing is expensive, but one thing that I don't think anyone in their right mind will argue is that with Big Bill's Billions, vulnerability testing would have been a drop in the bucket to his bank account.
As I see it, Microsoft should be doing a better job with update testing and vulnerability testing, and they have no excuse for the lackadaisical job they are currently doing with each.