Software, for the most part, is not the same. Use of old, outdated software with security vulnerabilities just makes you a target for the hackers and script kiddies out there. I would equate it more to continuing to drink milk that is over it's expiration date. You may be ok for a short period but if you just keep drinking, it will get you sick as a dog. Most times, it's best to get a new one and throw the old shit out.
In Sweden, for milk, it's said that the expiration date is set for fridges running at 8oC, and as most fridges are running at 4oC milk should be ok a few Days after expiration date. And, generally, if you're in doubt, smell it.
It's a different thing during the summer when milk can turn sour very quickly. And also when you open the milk container (for first time) it starts to get vulnerable to things like listeria.
As for Windows XP, I run it Daily more or less, as a surfing sandbox. No big deal if it gets caught by a script kiddie; on one computer the base image is on the SSD and the (temporary) differncing file is copied to a ramdisk and runs from there. Reason I run Windows XP as a surfing sandbox is because it's lightweight (boots fast with 1-2 gb of memory) - though I can't say that Chrome is lightweight (at least not with like 10 open windows).
I Think everyone needs to make the decision by their own: "How likely is it that this computer setup will be hacked and what will the consequences be". For entropia it's like, if you're a land owner with 100k's of PEDs invested, yes then you want it to be ironclad. But if you just use it as Entertainment after work and you get "hacked" and you know you won't cry if your computer gets taken over by let's say ransomwere and you need to reinstall it all, then it's a choice you have made.
I don't have an ironclad setup at home (there is one thing I should do that practically would be connecting an USB wire and add Another driver), but it's reasonable safe. Like, I got a firewall that stops windows networking calls, and I have restricted ports that my computer can connect to in areas such as the APNIC area and that french ISP that seemed to (at least a few years ago) host quite a few troublemakers.
Just for fun, I watched my firewall log. (I ahve to admit I usually don't do it often nowdays.)
This is what I saw that was interesting:
AUG 30 23:40:22:linei (40) tcp 145.239.140.179 > (external ip) (20) AS 25461 > 59604 - DENY rule default - s(8)accept u(-1)deny
AUG 30 23:45:25:linei (40) tcp 59.41.103.97 > (external ip) (20) S 55972 > ssh'22' - DENY rule - s(4)deny
AUG 30 23:48:17:linei (40) tcp 95.215.1.201 > (external ip) (20) S 42365 > 3394 - DENY rule default - s(8)accept u(-1)deny
AUG 30 23:49:18:linei (40) tcp 175.205.178.104 > (external ip) (20) S 6958 > http'80' - DENY rule default - s(8)accept u(-1)deny
AUG 30 23:49:18:linei (40) tcp 175.205.178.104 > (external ip) (20) S 7893 > http-alt'8080' - DENY rule - s(8)accept u(0)deny
AUG 30 23:49:18:linei (40) tcp 175.205.178.104 > (external ip) (20) S 6175 > ftp'21' - DENY rule default - s(8)accept u(-1)deny
AUG 30 23:49:18:linei (40) tcp 175.205.178.104 > (external ip) (20) S 6075 > ssh'22' - DENY rule - s(8)accept u(0)deny
AUG 30 23:49:54:linei (40) tcp 5.188.10.103 > (external ip) (20) S 53710 > 5064 - DENY rule default - s(8)accept u(-1)deny
AUG 30 23:52:45:linei (458) udp 212.129.52.104 > (external ip) (430) 5120 > sip'5060' - DENY rule - s(4)deny - REGISTER sip
external ip):5060 SIP
AUG 30 23:53:28:linei (40) tcp 222.96.190.71 > (external ip) (20) S 37329 > telnet'23' - DENY rule - s(4)deny
AUG 30 23:53:58:linei (40) tcp 81.227.39.86 > (external ip) (20) S 25214 > telnet'23' - DENY rule default - s(8)accept u(-1)deny
AUG 30 23:54:22:linei (444) udp 212.129.52.104 > (external ip) (416) 5124 > sip'5060' - DENY rule - s(4)deny - REGISTER sip
external ip):5060 SIP
AUG 30 23:54:27:linei (444) udp 212.83.182.167 > (external ip) (416) 5069 > sip'5060' - DENY rule - s(4)deny - OPTIONS sip:100@(external ip) SIP/2
IP address 212.129.52.104 seemed to belong to Tiscali France, but then I saw the name? "SAS". I wonder if it's not a new name for that french isp OVR or somerhing like that. That ISP that hosts troublemakers.
Then it seems like that IP address was used by a web sevrice "cheateo.com" that adverts itself with "Create your own bots! Send fake traffic! - Babylon Traffic". Well, a bit interesting.
"Babylon Traffic is an easy-to-use tool that help you to cheat on all the websites of your choice. Here is a basic tutorial on how to create your first own bot which is ..."
5.188.10.103 seem to be hosted in Bulgaria.
59.41.103.97 ChinaNet Guangdong Province Network
95.215.1.201 seems to be hosted in Russian Federation.
222.96.190.71 South korea ("KT Corporation")
This one was a hottie:
145.239.140.179 - United Kingdom Atomic Energy Authority - is it that GCHQ trying to hack me? lol
Again, there are holes in Windows XP. But at least it's not Windows XP that's freely accessible on the internet (unless I open it up, like I install teamviewer for the "windows support department" to see what they are doing...).