Looks nice.
You can rename your desktop shortcuts with invisible characters to have them only appear as icons. One character that works for this is holding alt and using the numpad to press 255, you cant have the same name for the icons, so just add different number of invisible characters to them.
To expand on the container/vm idea, for someone that's never done such a thing before, installing whatever OS u want (windows or other) in virtual box then setting the network get internet only from the vpn would be a very secure but not all that hard to do.
The easiest way for a beginner would however be to use a VPN that have its own software with built in kill switch, then you select whatever program you want killed if the vpn goes down, and it just exits that program. (If your paranoid research DNS leaks first)