I’ll echo what @sentinel said.
An Ad Blocker is a great front line defense to “keep you out of trouble.” Most of the malicious junk you’ll pick up will come from those site that trick you into clicking stuff you shouldn’t, and an Ad Blocker will remove/block that stuff a lot of times.
On the AV front, I think your best bet would be a paid Malwarebytes subscription. Bitdefender is good as well. I wouldn’t recommend most of the others you buy off the shelf. As far as the built in Defender goes, yes it’s been doing a whole lot better these days - there are charts and reports that put it up against some of the paid ones and it wins out, so that’s a really good sign. I personally still feel better with a paid product like Bitdefender or Malwarebytes.
Side note/background - I’ve owned an IT company (MSP) for 12 years. You won’t have access to some of the tools/software we use; however, a layered approach is always your best bet. Make sure the Windows firewall is turned on, employ an Ad Blocker, have a good AV software (Defender, Malwarebytes, or otherwise), if you torrent anything be sure to use a VPN (this is a HUGE one, I use NordVPN), backup your stuff (it’s not a matter of IF, it’s a matter of WHEN, so make sure you backup regularly so you can clean-install when the time comes). having these layers in place will go a long way to keep you safe. Feel free to DM me if you have further questions, I’m happy to help!
Edit (because I know someone will bring it up): you should generally always use a VPN; however, if you torrent, it’s a requirement. Any time you torrent your public IP address shows up in the seed list. This gives hackers an easy way to target you - using a VPN will prevent your public IP address from being known, so it will make it harder to find you.