Perimeter Defence
Block scripts: Use NoScript or uMatrix.
Turn off stupid things on firewall, such as uPnP
No remote content by default on email
Not clicking on stupid attachments or links
No autorun.
Disable services you don't use.
The dratted malware has to get ON the machine first. Side effect of above is that you likely won't get other zero days and might not even need AV, which is like a trigger happy SWAT team INSIDE the home/office/hotel. Check the guys at the doors, windows, ventilators, sewers and chimneys, stop shooting innocent stuff MEANT to be inside. User training.