I think a virtual machine would be better. It's totally isolated from the host operating system, and you can make a snapshot when you first make the VM. Then, if it should get attacked, you can just shut it down and revert to the snapshot. The VM will be a virgin again!
You can use a vpn service, so all communication from the physical machine to the vpn server is encrypted, and then it's randomized with thousands of other users connected to the server. No one can tell what you're doing, where you're going, where you're from, your ip, you mac, or anything else. Even if your browser is configured to send your ip, the vpn strips that off, along with anything else it's looking for.
We're a bit security-conscious in our house. I mean, I had a pretty normal childhood. But my Dad doesn't talk much about his job. It's weird, bc like everyone mostly nos stufff like that. So, I just say he's in public service.
But I know about online security.