Depends on your browsing habits. If you're only visiting a handful of trustworthy websites maybe never. If you spend nine hours a day on bootleg hentai streaming sites, maybe very quickly.
Maybe. See we had a trusted B2B site we use for stock. Then we noticed our bank account being raided. Turns out they had hackers on their system skimming all the card details.
Most likely never because nothing more advanced than very basic HTML sites work with IE6 nowadays and with JS enabled you are more likely to crash the browser than visit a site.
This includes the vast majority of ads which are the main way to get such malware. Also chances are even if a bad ad (or other vulnerability) hits you, it wont work because it'd be designed for browsers people actually use :-P.
If you turn off JS and all the other features (ActiveX, etc.) that should've never been allowed on anything other than sites you fully trust, probably a very long time.
I wonder how much malware now just refuses to run on XP because it attempts to use functions that were introduced in later versions.
If I was going to attempt this with a VM, maybe I would try to perform a checksum on every file first then recheck everything after an hour (from a powered down state) and look for changes. I would be concerned that any malware would simply be a downloader for something which is undetectable to AV.
Probably the wrong place to ask, but this seems like such a fun experiment to try but maybe more difficult than I initially thought.
I’ve used windows XP tablet is on a Toshiba with a patched up version of Firefox designed to use TLS 1.3 on the internet without issues for hours. I think most software is so I’m compatible with it that even hacking it is a history lesson.
I think it was more people clicking on links being sent to them in IM, emails or other personal messaging.
I used to for fun 2001 to 2006 or so, run a fresh install of 98se which I had burned to CD, recovery was about 20 mins perhaps a bit less, (read however long it took to copy a 600 meg image to hard drive) and cruised the net. No security as such, just seeing what was out there, what ports being probed etc. I rarely had any issues. Yes of course when I was tormenting some large wannabe hacker forum (read script kiddies) where one or more had decided to prove themselves by attacking a couple of harmless looking forums, yes I think they managed to get in pretty quickly iirc about five minutes. For giggles after a couple of times (they got quicker) I switched over to a live linux cd ... but since one of their members had outdone themselves and annoyed people who unlike myself quite happy with my new chew toys, ... I figured just a matter of time before my fun would end ... their forum strangely packed it at end of week :) In all of it, my only issue albeit a very serious one, was contaminated backups, which occurred when was when I was "tagged" in 2003 with something, which was so unique that last time I scanned a copy of the infected system in 2009-10, it still didn't raise any flags with the latest anti malware or root kit detection available at the time.