CheezyWeezle

Windows Firewall is what you are looking for. In Windows firewall you add rules per process and can block them from accessing all networks.

um ACKSHUALLY you can disable Windows Update competely by setting group policies to disable automatic updates and specify a custom URL for Windows Update and point it to nothing. There a few other local group policies you can configure to further prevent updates, just open the Local Group Policy Editor and go to Computer/Administrative Templates/Windows/Windows Update (or something like that, look for Windows Update under Computer Administrative Templates).

I know this because literally yesterday I had to undo all of that so I could download something from the Microsoft Store (doing this also prevent MS Store apps from downloading)

I feel like a solution similar to m.2 could work, holding the module in place with a screw. I dont think the m.2 connector would suffice as it only has 67 pins and DIMMs have I think 288 pins, so that's quite a difference. I do think SODIMM has less pins, but not much less, definitely not to the tune of less than a quarter as many.

Having recently looked inside my steam deck to upgrade the storage, I honestly think they would have had room for at least one SODIMM slot, but the tradeoff is increased thermals, more power draw, and probably some design constraints around the pcb leads possibly leading to increased overhead or latency. I agree that a new form factor would be best to address these issues. It would be cool if something similar to the SXM socket came out, having a pad of pins so you can increase the amount of pins while taking up the same space.