Don't just disable the networking, break or remove the adapter. Then you have a machine that can only be interfaced with through the USB or other ports.
But how do you actually do that? You need to do it physically?
I've been using an offline wallet to sign for a while, but I just disabled network adapters. I figured it was kinda bullshit, but the reality is that the risk is already pretty low. The offline machine was formatted clean and never connected to the internet. It seems to me that in either case (networking disabled vs. actually removed) the thumb drive you use for transporting raw transactions is a required attack vector.
Let's say Windows forces a shutdown/update and re-enables network adapters. What then? Some malware from the thumb drive keylogs my wallet password, swipes my private keys and......but there's no unprotected network to connect to. I'm not crazy for thinking the risk is low here am I? If there's malware sophisticated enough to do the above, then copy itself to the thumb drive and push the data from the online computer, then it seems like a PC with network adapter removed is prone to the same attack.