I'm okay with computers but hardly a 'guru', and I need one...

I've been posting up lately about how all my win7's are acting like they're swimming in quicksand. So I picked up a nice used Dell Optiplex 790 off ebay. Been setting it up for the past week. I've installed Service Pack 1, no other updates whatsover. It's OFF the net except for whatever few minutes is needed to install/license programs from online, like Foxit PDF, etc... It's running 7 pro 64, only 4g ram (at the moment), and a 1tb hard drive. Pretty barebones. I've been xferring files & such, got most of my graphics, Office and normally-used programs loaded, still some to go, but as of now it's totally "usable"...

This new computer is SO much faster than my 'fast' T5400 computer it's hard to describe. What takes 5, 8, 20 seconds or more to happen on my T5400 is flat out instantaneous on this 'new' one. I know that Microsoft is still 'background' updating win7's and other computers with 'critical' security updates, regardless of the fact their 'support' ended almost 2 years ago, and also regardless of the fact my computers have been set up specifically to NOT update for YEARS. Sounds like a conspiracy theory, but I've read this online, and been told this by a couple of customers who 'do' computers for a living. And these updates are supposedly slowing the hell out of the computers, supposedly on purpose... I can't speak to the truth-or not- behind the talk, but I DO know that ALL of my win7 computers are so ridiculously slow that they're unusable. I swear, the characters "(Not Responding)" appear in the upper ribbons so often they're tarting to burn-in to the monitors! These computers used to be fast...

SO-- I now have a blazing fast Win7, that's going to take the place of every other computer, one at a time, one while I do a complete drive wipe and Windows 7 restoration on them all. Having just done the new one, it's fresh in my little brain what to do on the subsequent computers. My goal, have lightning-fast Win7 computers doing proprietary work running my programs and machines, while learning to put up with the nonsense and hassle of using a Win11 computer or two for all internet duties.

WHY I NEED A GURU-- Search engines, being geared for advertising for profit over locating actual useful information these days, are completely useless in finding an answer to THIS question:

WHAT do I have to do to firewall, block, keep-out, prevent, and/or otherwise just plain STOP Microsoft from invading my computers? While I can keep any or all of my computers off the INTERNET, I cannot keep them off my NETWORK, which IS on the internet... Are there any port-blocking protocols I can add, or firewall settings I can perform, or IP address or dot-com blocking procedures, 0.0.0.127 host-name blocks, router-based blocking, ANYTHING that will work--??? These old relic computers seem to work rather well before they're invaded with 'security' fixes. I'd like to keep 'em that way!

(for those who may not know me that well, no, I can't upgrade my computers, due to the machinery and programs they run)

Thanks in advance