I am here for penturning, not computer advice. Take this advice for what you paid for it:
* Install genuine Microsoft updates for Windows and the other Microsoft products on your computer (e.g., Office, Word, Excel, etc.). Those "patch" updates fix security bugs and protect your computer from being infected with malware. Hackers are constantly searching for unpatched computers to infect. Don't delay on it - as soon as the hackers learn about a new vulnerability, they get going. The hackers "disassemble" Microsoft's patches to see what they fix and how to exploit them. Microsoft patches typically follow a monthly cycle, but sometimes they release emergency patches. If you are not checking at least once a week, then you should be.
* Do not install or update any software, apps, programs, browser extensions, enhancements, or ANYTHING ELSE if you did not initiate it yourself.
* Reject any and all prompts that "just appear" and ask you to type your password. If you did not expect it and it is asking for your password, please stop and think. A lot. Then click Cancel or Reject or No or whatever denies the request.
* Create and run from an "unprivileged user account" for your routine work and data. Use your "Admin Account" only for installing software and updates. Do not login as an admin or enter your admin password routinely. Run Windows Update from the admin account. Because they lack "admin privileges", running from an unprivileged user account makes it more difficult for hackers to exploit or install their malicious software. If you see a prompt for an admin password when you are logged in using an unprivileged user account, you know that something isn't right. Just say no - don't enter the admin username and password.