You can improve your odds a lot by using an up-to-date third-party browser (e.g. Firefox or Chrome), closing *all* external ports with the firewall and keeping it behind a hardware firewall (i.e. a router that doesn't forward any ports to it.)
Of course, you could also just install Linux instead.