A lot has changed. Windows Defender is now found to be the best available. It's actually been getting good since 7 due to how it manages kernel hooking without interfering with userland operation, but people don't pay attention to that because "HURRR, MUH HEURISTIC RATES".
--------------------- MERGED ---------------------------
So start monitoring your system with Process Explorer and other tools that give you a verbose look at what's actually going on. You might have a Bitcoin miner that only works when your computer is idle. You might have a RAT that is just harvesting passwords. These things go unnoticed because we don't care enough to pay attention.
Also, Steam has a privelge escalation 0day that recently went public
that Valve refuses to fix
https://amonitoring.ru/article/steamclient-0day/
Getting the access necessary to leverage this is a walk in the park. Point is, an ad blocker, and what you perceive to be common sense, isn't enough. Any target audience could easily be hit. In this case, a title with malicious code could be released on Steam that manipulates this, and boom; millions are infected. Other things with access to the registry, like RATs, can make use of this. Someone dedicated enough could gain access to install rootkits due to this oversight. Anyone with Steam on Windows is in danger.
Edit: Valve tried to fix it, but it still exists.
https://xiaoyinl.github.io/steam_EoP_bypass.html