@gsa @grishka As long as you're not using anything that opens ports to the public internet on your router, you'll be fine. I've left an XP VM running in a vulnerable state for a week (the initial release from 2001 with no updates installed, bridged to my main network) and nothing happened. Still shouldn't log into anything on it except maybe your Steam account, but XP has been so far discontinued that malware doesn't care for it any more / won't even run due to missing features.