Well, if you really want to sandbox some internet behavior (for example, porn, which I imagine has the highest percentage of sites delivering a malicious payload), use a virtual machine manager (VirtualBox) and set up a virtual machine (some Linux variant may serve best) for that specific type of access. You can do this multiple times, once for each type of access, such as a dedicated VM for accessing your bank website.

If you're really paranoid, you can save the state of the virtual machine before use, and restore the prior state every time you use, it, preventing any changes to the VM. You would occasionally want to start it up, install all the recommended updates, and then save the state again though.

Use an ad blocker (uBlock origin), keep your OS/Browser up to date. If you really want to get paranoid you can use NoScript or something like that (but you'll give up some convenience).

The main thing is to make sure you trust the things you're clicking on.

If you have to visit websites or try programs you don't trust, some people have virtual machines specifically for those situations. They'll visit the site/open the program inside the VM, and if something sketchy does happen, it'll be contained within the VM and not infect the host OS (unless it's incredibly sophisticated malware that can break out of VMs--but very unlikely you'd be targeted by something like that).

Don't run Windows, and don't run Javascript.

The best way would be to stop using Windows. Windows is the only platform where you see backward things like:

1. Antivirus software that gives a false sense of security being popular.

2. The vendor refusing to fix vulnerabilities that give attackers complete control because of backward compatibility concerns:

http://foxglovesecurity.com/2016/01/16/hot-potato/

3. UAC prompts that annoy users to the point where the user either turns them off or automatically clicks yes. This is in part because of the even weirder situation of legitimate software often being written to touch things that it has no business touching.

4. End users trained to execute software obtained from random internet sites.

5. File names used to identify files as executable.

There are probably other backward things with regard to security too, although I cannot think of them offhand.

Your best choices would be installing a Linux distribution or buying an Apple machine running Mac OS X. If you must use some sort of Windows, check out ReactOS:

https://www.reactos.org/

That likely does something by virtue of not having same bugs and not having yet implemented the legacy things that exploits often target. It is not as good for security as Linux or Mac OS X though.