Some of you have been doling out biased, narrow advice, or advice that overly generalizes things. As with anything else, understanding the NATURE of a thing is key to dealing with it.
Windows XP can be a very stable OS, but it is necessary to treat it somewhat gingerly at times. I don't have problems with spyware, viruses or other malware (nor spam either for that matter). Dealing with such things effectively requires a little knowledge (and no, you don't need to be a "guru") and some understanding.
I do not install security updates, service packs or anything that doesn't provide enhancement for the things I personally do with Windows, because those things will grind on overall performance, not to mention that I have little faith in Microsoft's ability to secure my system. Their updates are more of a variable to me than the protective software I have tried and used for a while. I'm running XP on a 3-year-old PC and performance is just as it was the day it was released. I also install and test or use between 30 and 40 programs a month.
The only performance hit I take is when, after a time, programs I no longer need are eating up drive space, clogging up the registry with unused settings and the like. I very seldom trust programs that go poking around in the registry, so here's what I do (and strongly recommend):
You only need to do this ONCE...
Boot from a DOS diskette and run the FDISK program. Delete, then recreate partition(s) on the hard drive (if you don't know how to do this, get help with it).
Format the drive/partitions.
Install Windows XP and any updates/service packs you want. Completely and carefully customize all settings, including folders, Start Menu, Screen settings, etc.
Install and configure your programs (If you have trial or shareware programs, DO NOT install them at this point).
Make sure everything you can think of is as customized for the way you work as is possible.
Use a program that will create an image of the drive (I use Acronis Backup, but you can use one of the more pricey ones if you prefer). This is preferable to doing a "standard" backup, because the "image" simply makes an exact duplicate of every bit and byte of information on the drive, retaining all settings, even those that are dynamic.
This process typically takes between 18 and 24 hours over a two or three-day period. It's worth it though, because after that, anytime things get a little muggy, it takes about 20 minutes to completely return everything to exactly the same state it was in at first. I typically do this about every 30 to 45 days. This way, unless there is some needed functionality, I stay away from the Microsoft updates, because the OS is never static long enough to cause me any problems that can't be solved in about 20 minutes.
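The restore routine above makes the drive image the single recovery baseline, so the image file itself deserves an integrity check before every restore. The script below is an added example, not the poster's tooling or anything from Acronis: it records a size/SHA-256 manifest next to a freshly written image and refuses the image later if either value has changed (the `.tib` filename and the temp file contents are constructed for the demo).

```python
"""Added example: manifest-based integrity check for a golden drive image."""
import hashlib
import json
import os
import tempfile

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so multi-GB images fit in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def write_manifest(image_path):
    """Record size and hash right after the golden image is created."""
    manifest = {"size": os.path.getsize(image_path),
                "sha256": sha256_file(image_path)}
    with open(image_path + ".manifest.json", "w") as f:
        json.dump(manifest, f)
    return manifest

def verify_image(image_path):
    """Return 'ok', 'no-manifest', 'size-mismatch' or 'hash-mismatch'."""
    try:
        with open(image_path + ".manifest.json") as f:
            manifest = json.load(f)
    except FileNotFoundError:
        return "no-manifest"
    if os.path.getsize(image_path) != manifest["size"]:
        return "size-mismatch"  # cheap check first, avoids a full read
    if sha256_file(image_path) != manifest["sha256"]:
        return "hash-mismatch"
    return "ok"

def demo():
    """Constructed stand-in image (a few MiB of zeros), then two faults."""
    img = os.path.join(tempfile.mkdtemp(), "xp-golden.tib")  # constructed name
    with open(img, "wb") as f:
        f.write(b"\x00" * (3 * CHUNK + 17))
    write_manifest(img)
    clean = verify_image(img)
    with open(img, "r+b") as f:  # flip one byte, same size: silent corruption
        f.seek(CHUNK + 5)
        f.write(b"\x01")
    tampered = verify_image(img)
    with open(img, "ab") as f:  # append a byte: size changes
        f.write(b"x")
    return clean, tampered, verify_image(img)
```

Keep the manifest somewhere the image cannot overwrite it (a second disk or removable media), otherwise a corrupted volume can take both down together.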