I work in cyber security for the military.
Windows defender does pretty good.
But keep this in mind: 99% of what antiviruses do is hash files and check if that hash matches known malicious hashes. If it does then it pops up hot and quarantines or deletes the file.
It doesn't take much to change the hash of a file. A single change to a single bit in the file will change the hash. So it's not hard for someone who wants to get into your system to avoid any antivirus you have installed. Bottom line: if they want in they are getting in.
That being said, if you avoid shady websites, don't browse porn or warez (illegal downloads) and you don't install shady software for stupid shit (RAM cleaner or something that automates returning pokes on Facebook) and only download and install software from the manufacturers website (only download and install steam from steampowered.com) you should be ok. That's what I do at home (I also run a pihole on my network which probably helps.)
Also use 2 factor authentication on everything you can. A password alone is no longer secure.. some hashcat boxes can perform 3 billion password guesses per second against a captured password hash. Since you can pair hashcat boxes together the only limit to that number being multiplied is how much money the person or organization has to spend on hashcat boxes.