I use an Ethernet cable so don't have any issues. If your router is anywhere near it I would recommend (In the end I cabled all the rooms in my house, no regrets).

Our Computers are in a local network but disconnected from the Internet.
To make connection for updates - or disconect - we change the gateway (network adapter) adress to the dsl-router, or to a wrong IP adress.
For permanent Internet I have a separate laptop.
 
 
 

I only connect my DAW when I want to update things or install new software. I built this machine specifically for audio and have a laptop for my general intertubing (which I can keep in the room with my as I work at the DAW if I want to research something or get the ole intertube itch).
 
When I DO go online though I turn my antivirus back on BEFORE I plug in my network cable (I specifically did not install a wifi adapter on the system) then the first thing I do is update the antivirus. Then I'll update Windows (particularly the security updates). I may also do a quick scan of the system.
 
My internet settings are set to the maximum protection levels and I use NoScript and Adblock+ in my browser which blocks EVERYTHING except the bare bones of a website. I only enable scripts absolutely necessary to accomplish my updates. It's all the third party domains that allow the virus and nasty critter to creep in (at least on trusted/secure/reputable sites).
 
Before I download anything (but sometimes after and before I install) I create a Windows system restore point so if something wonky happens I can get back to where I was (much quicker than system image and doesn't require a huge chunk of storage space... but not as resistant to full on failure).
 
Paranoid? Hellz ya... but it's the internet. Things happen and even the "trusted" software manufacturers put all sorts of dumb crap that auto connects to do "helpful" things. When I'm at the DAW I'm doing music stuff and I expect the DAW to focused on exactly that. Not pissing around in the background having a little chat with god knows what server.

Kylotan
There aren't hackers waiting to connect to your PC to attack it

There are however worms that are waiting and they don't need you to do anything. They are usually controlled by botnets which scan IP addresses looking for open ports they can exploit, often using a buffer overflow attack to insert themselves into the PC. After which they download all sorts of stuff and add your PC to their owner's botnet. That sort of vulnerability is detected in current operating systems surprisingly frequently.
 
Connecting to the internet at all without being behind a firewall is a no-no, especially on a Windows PC - not necessarily because Windows is inherently less secure (though in some ways it is) but because nearly 90% of PCs run Windows so it makes most sense for the bad guys to concentrate on breaking into Windows machines.
 
The risk is particularly high if Windows and other applications aren't updated so don't have the security fixes applied. A major UK government department had a huge infection from the Blaster worm some years ago. Three years after MS had issued the update that fixed the security hole Blaster exploited. Despite that corporate IT still tends to be very wary of updating anything just in case it has unforeseen repercussions on business-critical applications. Instead they usually use industrial strength firewalling at the point their network connects to the internet. 

Doktor Avalanche
Strongly recommend you don't disable your firewall and antivirus unless you never ever connect to the internet and never ever update You will be if updating Sonar and running windows update I assume. Win10 updates are making the OS faster and more stable (an OS that has yet to fully mature). In theory viruses and malicious activity can be detected even after something has been downloaded and installed (several layers of security).

No plans on updating Windows 10. It runs just fine and the only things I do on it are Sonar (X3e) and Microsoft Access (2007). When it was on Win 8 and then 8.1 it kept slowing down more and more with each update. I'll skip the updates to keep it running consistent. And as you can see, there is no need to update Sonar (no longer being updated by Cakewalk) and previously there was not a single update that improved the performance of Office 2007. I'll just keep it as is and disconnected.

Always connected. Antivirus, firewall, I can download something, I can even watch IP-TV on my PC and use Sonar simultaneously if I want, and it doesn't affect sound and performance. So for me isolation sounds like paranoia, yes. But it is my home computer.

MandolinPicker
When it was on Win 8 and then 8.1 it kept slowing down more and more with each update.

Probably because you were being selective about updates or some other unrelated factor. Win 8.x kept releasing performance patches which did exactly as they said on the tin, worked for me the OS just got faster and faster. It's been like that since Windows 7 (earlier incarnation of the OS often did suffer from the behavior you described). One of the reasons MS forced updates upon people in Windows 10 was because machines on some random patch level were far harder to fix and improve (unpredictable), rather than a whole load of machines on exactly the same patch level.
 
Anyway good luck with that strategy . You will never know what the future improvements may bring ;).
As you are sticking with X3E I get your strategy however...
 

tlw
There are however worms that are waiting and they don't need you to do anything. They are usually controlled by botnets which scan IP addresses looking for open ports they can exploit, often using a buffer overflow attack to insert themselves into the PC. After which they download all sorts of stuff and add your PC to their owner's botnet. That sort of vulnerability is detected in current operating systems surprisingly frequently.

Zero-day exploits for current operating systems and browsers are quite rare. The majority of the time, the problem is fixed before there's any evidence of anyone being affected by it. You might argue that it's not worth taking even that risk. I'd argue you're better off staying online and getting updates regularly. There was a point a few years back where Windows machines could expect to be attacked within 30 minutes of installation, in that time between getting up and running and getting patched. If you're regularly leaving weeks or months between connecting for patches, you risk experiencing a smaller version of that each time you connect, as the cumulative patches get queued up.
 

Connecting to the internet at all without being behind a firewall is a no-no, especially on a Windows PC - not necessarily because Windows is inherently less secure (though in some ways it is) but because nearly 90% of PCs run Windows so it makes most sense for the bad guys to concentrate on breaking into Windows machines.

I would recommend having the firewall on, but it's worth people understanding that it's only possible to connect to services (maliciously or not) that are actively listening for connections. If you're diligent about shutting off unnecessary services then it's just as secure as having no firewall. Most people don't have the time or interest to learn that diligence which is where firewalls help.

Kylotan
Zero-day exploits for current operating systems and browsers are quite rare. The majority of the time, the problem is fixed before there's any evidence of anyone being affected by it. You might argue that it's not worth taking even that risk. I'd argue you're better off staying online and getting updates regularly.

 
I would argue that if you do this then you don't really need to do that... doesn't apply. i.e. I locked the door so it's fine to keep the windows open. Security is all about having several layers of protection.
 

Kylotan
If you're diligent about shutting off unnecessary services then it's just as secure as having no firewall. Most people don't have the time or interest to learn that diligence which is where firewalls help.

And make sure you don't use a web browser or have anything that polls the internet, or run any updating programs which in turn may have vulnerabilities, or for that matter anything that polls the internet.
 
Firewalls not only block what's coming in, but quite often what is going out.
If you are running internet without a firewall, that's complete madness IMHO, even if you think you have disabled everything that could get to it there are still vulnerabilities.
 
Cheers...

On a related point, I have a USB wifi adapter that I would plug in, update and then "disconnect" from the System Tray icon.  Then unplug the USB adapter.  I sense I could go into the Device Manager, right-click and disable a USB port that the adapter sits in but how do I know which USB item in Device Manager would be correct?
 
Thanks,
 
Steve