Update - as best you can, make sure that the software on the machine is as up-to-date as it can be. There's no reason in exposing yourself to issues that could be easily avoided by having the latest versions.
Get behind a firewall - an exceptionally large number of vulnerabilities that perhaps can't or won't be fixed in your machine can be completely blocked simply by placing that machine behind a firewall. In this case, I strongly suggest a hardware firewall, like a router, just to avoid installing more things on your older machine.
Secure the rest of your network. You should be doing this already, of course, but this becomes doubly important as you now have a machine you know you can't completely secure. If another machine on your network becomes infected, that infection could easily jump to this machine. Even if you clean up the original infection, the damage will have been done.
Scan downloads - you're already doing this, and it's a good & important step. Just be sure that the malware software and database you're using are up-to-date.
Consider a cross-network scan - not a strong recommendation, but something to consider. Some anti-malware tools will allow you to scan a drive that's been shared on a network. For example, you might temporarily share the root of the "C" drive, and then from another PC on your network running anti-malware software, connect to that share and run the scan. This could be slow, and not all anti-malware software will do it.
I hope what I say could help you.