> This is addressed two paragraphs after the one you've quoted.

And it's equally an incomplete assessment based on the same "This is fine" attitude. The computer could be participating in a botnet dedicated to bring down the network in hospitals or steal their sensitive medical data, and the author would never know.

Does using Windows 11 and keeping up with the latest updates as soon as they’re available prevent that from happening, compared to the author’s setup? Nothing would help if you click on the wrong download link for your favourite software in either case, and an innocent PDF has hacked Linus Tech Tips nevertheless. At least, by not keeping up to date you’re not opening yourself to new bugs.

You're comparing using an obsolete version full of known exploits in the wild, which may be hacked by automated scripts, with adopting a bleeding edge system which may or may not have undisclosed vulnerabilities potentially know only by a few elite researchers? Try again.

Also you're missing the obvious solution, using a long-term support system with a robust audit process and well timed security releases. Author's setup will NOT be safer than that.