That shouldn't matter anymore, assuming XP firewall is good enough to block incoming connections to SMB ports (or all ports if the user is not running any services). It doesn't take a good firewall to do that.
ISPs have been throwing routers for free in the general direction of every potential customer for the last 5 years, there is really no reason to connect your XP box to the internet directly. Yes, you can. You can install every piece of software you find. You can run a virus scanner. You can run a software firewall. And you can connect your PC directly to the internet so anyone can connect to it and exploit it. You can also throw it out the window into that mariana trench conveniently located right outside the window. You can. But that doesn't mean it's a good thing to do. I wouldn't blame Windows if someone stole my physical harddisk and I won't blame an unpatched Windows to get exploited if connect to the big bad world without protection. If there is an operating system that would survive in the open unpatched, it's because no one cares enough to exploit it.