[ghshephard]

Anti-Virus systems are not required for anybody who practices even a tiny modicum of caution (Don't browse with plugins like java enabled, never open attachments, don't click on links) - and in stand alone with a half decent set of firewall rules your Windows XP system will be fine.

[oblio]

A patched system with a firewall on and without "trojan horses" brought in by the user is relatively safe.

XP will stop getting patches soon.

And this list (http://www.cvedetails.com/vulnerability-list/vendor_id-26/pr...) is only going to get longer and longer, because even though Microsoft will be EOLing XP, there will be tens of millions of Internet facing machines using it, probably even in 2020.

[ghshephard]

Having a firewall + not loading trojans gets you 99.9% of the way to security.

The problems are that normally people (A) don't want to deal with the hassle of a firewall, and (B) don't like to be cautious about opening attachments (C) People don't like to be restrained about what they click on, and finally (D) People tend to browse with all sorts of plugins loaded (not to mention Javascript being almost universally loaded).

For those people, yes, they will need to have a lot more handholding by their operating system vendor.

For somebody running a Windows XP system that doesn't have to do any of those (Cash Register, Kiosk, Office Machine) - they are fine, can be locked down, and can probably run Windows XP for the next 20 years without concern.