The only changes to the security of Microsoft Operating Systems in the last thirty years have been dramatic improvements in obfuscation and non-attribution for those who hack them.
The reason Diogenes is still out there with his lamp looking for an honest man is that his probability of success in that quest is much greater than the probability of him finding an uninfected Windows machine on a network.
There are two kinds of Windows users:
The first are individuals who use Windows and KNOW their devices and networks are thoroughly compromised and infected.
The second are individuals who use Windows and haven’t got a clue.
If you are faced with a non-negotiable operational requirement to use Windows, ensure you obtain your hardware from one of the very few approved product list sources, pop the hood and harden the BIOS, run Windows in a Virtual Environment hosted in Linux or Unix, and invest in a comprehensive set of security tools that let you see what is going on in the entire device, especially those areas that are not mapped by the Windows Operating System.
If you want to use encryption, know what you are doing, and have the ability to discern which products really work, encrypt the entire Virtual Environment. Encryption within Windows, like passwords, is a speed bump at best to any mildly competent hacker.
Your post is accurate and well stated. However, it is only understandable by a very few people among the general populace. An analogy would be a race car mechanic obsessed with getting the absolute most out of his engine without it blowing up, with special fuels, turbochargers, valve timing, ad infinitum. The rest of the people, 99.99 percent, are quite happy their car starts and gets them to their job.