First of all, the most common attack surface of most Windows PCs is Chrome. I find almost all malware in either extensions, or via misuse of Chrome features (many customers think they have malware because a spammer has been granted access to Chrome's notifications feature).
However, bear in mind, as others said, NAT isn't a security feature, it's just an annoying roadblock that helpfully makes accessing computers somewhat more difficult. However, quite a few applications on the average PC reach out and touch other services, granting malicious actors plenty of ways into a PC.
I get the hate on walled gardens, as a big antitrust supporter, but unfortunately, Windows 10's app model (universal apps) gets a bad rap because of the Microsoft Store being generally considered attached to it: UWP apps are basically the safest way to run apps, because UWP apps cannot harm other things outside of their little sandbox. And contrary to popular belief, it's entirely possible to create, distribute, and install UWP apps without the Microsoft Store. Microsoft has definitely had some missteps in both rolling out and marketing the newer app model, but it is the future.
Sandboxed applications not only provide unparalleled security, they also are incredibly stable because other apps can't tamper with them either. Because the apps are self-contained, developers can generally be confident the app will work on any machine without issue.