At least you had a decent host firewall by then. Pre XP-SP2 you'd get malware just hooking up to the internet.

It's not difficult to de-shittify 10/11. There's a tool that automatically does it call ShutUp10.

It's arguably a bit shit from a business perspective, but has no real impact on power-users day to day.

You need to be careful with ShutUp10/11. You can easily break automated security rules or system APIs if you carelessly enable all of those settings. You can't just apply these patches and forget about them, sometimes you need to undo your work to get updates installed or to resolve problems (for example, the "disable internet check API" privacy setting can cause some applications to display "you're not connected to the WiFi" popups).

It's also an uphill battle against the ever encroaching Microsoft Edge bullshit; every time you remove part of the bullshit, Microsoft comes out with an update that adds more.

If you're stuck with Windows I'd consider the safe defaults for ShutUp1x as essential but you do need to read the notes for every setting you enable, which may require some Googling so you understand what you're doing.

Does it work without a Enterprise install?

Yes, I'd even go as far to say it's designed for use with Home and Pro; it's setting the toggles enterprise/LTSC users will most likely already be managing through their centralized group management software.