If someone really wanted to be secure he should stay away generally from products from M$, Intel, AMD and so on.
The people now winning because of WannaCry and the SMB exploit it uses but they should wait till something find its way into wild which exploits Intel's Management Engine which isn't patchable like the some software exploit.
The best solution is something more 'open' source like a rpi/opi or similar with debian/linux but in the end someone will only be secure with a notepad and otp encryption.