So windows has always been about giving you a really nice atmosphere at all costs. A very charming interface with lots of character and lots of pretty colours, and so many processes and dependencies running all the time to be accessed whenever they may have a use, making everything so swift and plug and play and instant installations and etc. Basically Windows lets anyone be able to just do lots of things by simple button clicking and stuff. This gives many many loopholes and really straightforward attacks from malicious software and people with bad intentions. We can't fix said problems completely fundamentally. We can turn off unnecessary features and get protection though.
The security updates of the actual operating system don't have to matter too much. You can benefit from disabling things in services.msc, which means many techniques and loopholes that are programmed into malware to attack your system will be reduced. See: http://www.blackviper.com/service-configurations/black-vipers-windows-xp-x86-32-bit-service-pack-3-service-configurations/
Another very important thing is to have an anti-virus, and you want a really proper one, or else its kind of pointless. You want really thorough protection from companies like Kaspersky and Eset. I think the software package Kaspersky Internet Security is best.
Also regarding browsers, these days, browsers just accept cookies from everywhere without asking you, and expose themselves to all scripts like javascript and flash. Cookies can cause privacy problems and scripts can directly impose malicious activity to your system. Browsers aren't stupid these days, well a bit, but the point is they regularly update to check for bad things like bad cookies and bad scripts and sort of hand pick the evils of the internet. Basically, its a blacklist approach that may as well be a whitelist approach. People choosing to enable scripts themselves and enable cookies themselves is a very small inconvenience and can be gotten used to very quickly, and that can be benefited from greatly. Things like noscript and cookie controller for Firefox make these things possible.