You know, even if she stays on XP, on the hardware she is currently using or a VM, there is going to be a learning curve involved.
She will
not be able to continue "life as usual" on an unsupported operating system. She will have to learn new software, she will have to learn safer browsing habits, safer email habits, etc. And accept that some things she will not be able to do any more, or software she will not be able to use any more.
- If she is used to using IE, she will have to change to another browser that's still supported with security patches, when needed.
- She will have to learn how to properly use things like NoScript, Flashblock, Adblock. She will have to learn to discern when she can allow something and when she shouldn't.
- She will have to have a much tougher firewall and deal with alerts from it
- a new email client (that's still supported)
- She is going to have to develop the habit of manually scanning everything she downloads for malware with a secondary anti-virus.
- She will have to get used to file extensions showing (if they aren't already)
- and a lot more.
Essentially, she will have to learn to become a security savvy power user.
I know what is required to safely use an outdated version of Windows. I have done it before. It's really not fun, in the long run, and not something I would recommend to anyone that can afford the cost of a new OS and the hardware needed to run it. And I am already a security savvy power user and saying this.
Don't run an outdated, unsupported version of Windows unless you are dirt poor and are willing and able to pay for your choice to do so with your time and frustration, rather than paying money to upgrade your hardware and OS.
If you fear having to learn new things, this goes double, since you will have to learn
a lot more just to stay safe, than you will have to learn to use a new version of Windows. And someone else can
NOT do the learning for you.