I've heard from several people that it is possible to get hacked within minutes of installing Windows, while retrieving updates (this actually happened to someone I know... he was actually "lucky" that the hacker posted a terminal window informing him with a message that read "gotcha"). The vulnerable state isn't surprising, considering that the OS is years behind, with security patches missing in its initial state, prior to getting updates.
Thus, during updates, I make sure my Windows Firewall & Defender are running, and I don't surf the internet (that said, the Updates process itself is dependent on using IE, which is out-of-date). I also disable RDP, sharing, netbios, and even IPv6.
What other some other recommendations for improving security?
For one, I know that it helps to use Windows 7 with SP3 included. Is it possible to pre-download (via another computer) other pieces as well, such as NET, security patches, or the latest IE version?
I would install/run an anti-virus, but a Microsoft rep told me it's better to wait until the Windows "foundation" (NET & other updates) have been laid down, since some of the antivirus software's components might prefer to build onto it. Is that true?