Here is a trick I have been using for last 6 months.
It is not fool proof, but it helps a lot.
Create a new account as "Administrator" and make your regular account as "User".
Put a password (easy password would do) on the Administrator account.
And remove Install permissions from your User account.
That is it.
Always login to User account.
This trick + the Windows defender will help you a lot.
Whenever a malware tries to install something it will ask for administrative password and you can ignore it.
Having said that, I can't emphasis enough on the need for backups.
Always backup your data.
In spite of the above tricks, I had virus twice.
All I did was to remove the User and re-add the User.
The data was not lost, because I had the backup.