My thinking is as follows (stemming from occasional engagement with lectures on cyber security). Firstly, we must realize that there is no 100% security, and secondly, that humans are always the weakest link in the cyber security chain. It's always possible for someone (intentionally or unintentionally) to cause an infection in the system, as viruses and other malicious software are becoming increasingly complex, while security (cyber) is always playing catch-up – at least one step behind. I advise using verified software protection – Windows Defender alone (as part of the OS) is better than nothing, but for professional use, invest approximately €100 and purchase a good solution. Still, this won't solve all problems; the basic rule still applies – act responsibly, thoughtfully, if unsure – ask, if not sure – don't open... Simple and effective. However, I also greatly fear being the "cause" of infection for multiple users – as a developer and "distributor" of solutions...