The problem is that most users don't have the knowledge or interest to do anything other than use a computer as an appliance. They need to be presented with a ready-made and safe solution. Continuing to use XP online is, very definitely, not a safe or sensible option for those users. Bespoke security arrangements won't work for them.
The safe and sensible options are:
1. Buy a new system for accessing anything online, then pull the network cable on XP, or, if you must leave it on a local network, disable Internet access.
2. Dual boot a new OS with XP on the original machine. A pain in the backside having to reboot the system to switch between OSes. Again, disable Internet access on XP.
3. Run XP in a virtual machine with Internet access disabled. Provided you have sufficient RAM and enough CPU grunt (not really a problem with a modern machine), this is a nice solution. There are ways and means to virtualise your current system (licensing permitting, of course). Accessing legacy hardware could be a problem though.