Cool, one that's right up my alley.
Let's do security updates first. All of those update directories in the WINDOWS folder (the ones with names like KB987654) are actually backups of old files. If you ever want to uninstall a patch, that is where the original files are. You can delete the folders. Don't use Add/Remove Programs, or you'll uninstall the patch. Removing the folders should remove the entry from Add/Remove Programs. And you should keep the updates installed forever.
If your updates are downloading, but not installing, check Control Panel/Automatic Updates. Make sure it is configured to install the patches. The top selection is the one you want. Set the time to a time when your computer will be on.
Probably the best thing you can do to improve security on an XP system is to not use Internet Explorer. It is by far the most popular method of putting malware on a PC. I use Mozilla Firefox with the NoScript add-on. NoScript blocks all scripts by default, including JavaScript, Java and Flash. You can select which sites you want to allow.
Next I would recommend a hardware firewall. Any commercial one will do, from Belkin, Linksys, Netgear or whoever. It will prevent any worms and other direct attacks from getting to your PC. And make sure you change the default password and turn off wireless if you don't need it.
If you are willing to learn a bit and don't mind some minor inconvenience, don't log in as an administrator, but as a regular user. It can be tough getting some programs to run, and some just refuse if run as anything but admin. But it will prevent anything that is run with your ID from writing to the system folder and registry, which shuts down just about all malware out there. If you share your computer, make sure each user has their own logon ID, and make them plain users. Especially kids, who will attempt to run every executable they can find.
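An added, read-only audit script that is not part of the reply above. It checks the three settings the post talks about from PowerShell 2.0 (the last version that installs on XP): it lists the %WINDIR%\$NtUninstallKB...$ rollback folders with their size, reads the Automatic Updates mode and install hour from the registry (AUOptions value 4 is the "download and install on schedule" choice; a Group Policy setting under HKLM\SOFTWARE\Policies overrides the Control Panel one), and reports whether the current logon token is in the local Administrators group. The function names are my own; the registry paths, value meanings and folder naming are the ones XP uses. The script deletes and changes nothing.

```powershell
# Added example, not code from the forum post. PowerShell 2.0 compatible, read-only.

function Get-XpPatchBackupFolders {
    # XP keeps a rollback copy of each hotfix in a hidden %WINDIR%\$NtUninstallKBnnnnnn$
    # folder. Returns one object per folder with its size in MB.
    Get-ChildItem -Path $env:WINDIR -Force |
        Where-Object { $_.PSIsContainer -and $_.Name -like '$NtUninstall*$' } |
        ForEach-Object {
            $sum = (Get-ChildItem -Path $_.FullName -Recurse -Force -ErrorAction SilentlyContinue |
                    Where-Object { -not $_.PSIsContainer } |
                    Measure-Object -Property Length -Sum).Sum
            if (-not $sum) { $sum = 0 }
            New-Object PSObject -Property @{
                Folder = $_.Name
                SizeMB = [math]::Round(($sum / 1MB), 1)
            }
        }
}

function Get-XpAutomaticUpdatesMode {
    # AUOptions: 1 = disabled, 2 = notify before download,
    # 3 = download, notify before install, 4 = download and install on schedule.
    # The Control Panel writes the Auto Update key; Group Policy writes the AU key and wins.
    $userKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $meaning   = @{ 1 = 'Disabled'; 2 = 'Notify before download';
                    3 = 'Download, notify before install'; 4 = 'Download and install on schedule' }

    $source = 'Control Panel'
    $props  = Get-ItemProperty -Path $userKey   -ErrorAction SilentlyContinue
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($policy -and $policy.AUOptions) { $props = $policy; $source = 'Group Policy' }

    $opt = $null
    if ($props) { $opt = $props.AUOptions }

    New-Object PSObject -Property @{
        Source      = $source
        AUOptions   = $opt
        Meaning     = $(if ($opt) { $meaning[[int]$opt] } else { 'Not set' })
        InstallHour = $(if ($props) { $props.ScheduledInstallTime } else { $null })  # 0-23, option 4 only
        Recommended = ($opt -eq 4)   # the "top selection" in Control Panel / Automatic Updates
    }
}

function Test-XpRunningAsAdmin {
    # True when the current logon is a member of the local Administrators group,
    # i.e. the account the reply above says not to use for everyday work.
    $id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Usage: paste or dot-source the functions, then run the checks.
Get-XpPatchBackupFolders | Format-Table Folder, SizeMB -AutoSize
Get-XpAutomaticUpdatesMode | Format-List Source, AUOptions, Meaning, InstallHour, Recommended
"Current logon is an administrator: $(Test-XpRunningAsAdmin)"
```

Run it once as the account you actually use day to day: `Recommended` should come back `True`, the install hour should be one when the machine is switched on, and `Test-XpRunningAsAdmin` should come back `False` for everyone but the one account you log in with to do maintenance.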