In other words, you don't. All you can say is that you haven't seen any obvious signs of infection.
Monitoring for suspicious (or known malicious) activity is good, but any security person will tell you that it's only part of the solution.
Well, I use Linux. :-P But I've found and cleaned viruses from my kids' systems in the last couple of years (I believe it was after Norton expired and before I installed Avast!), and just spent an afternoon cleaning a couple of systems at a friend's house. All of these systems sit behind NAT gateways (and a firewall, in my case), so any infection came via IM, web browser or email. Most likely browser-related, but I don't have any way to know for sure. In the case of my kids' systems they had no clue they were infected, the systems showed no unusual symptoms.
Most exploits don't depend on any application support for executing code. They typically use buffer or stack overflows to inject code and break out of the application into a system shell. You can use the most "secure" client you want, but if it has any vulnerability of that sort then you're at the mercy of whatever is on the other end.
I assume you also restrict your login priviledges, and don't have yourself configured with "Administrator" priviledges?
I wasn't trying to make any sort of comparison about relative risk, only pointing out that you can't make claims about safety just because you only surf "trusted" sites.
I won't disagree with your sentiment about poorly written code. All I'm saying is that you're going to spend a lot of time and effort with minimal return, because there's not a lot you can do about the bloat in XP. Cleaning up the taskbar is good, but it's not going to make a significant difference in performance. However, spending $40 to add another 512M of RAM will result in immediate and noticable improvements.
John Meissen snipped-for-privacy@aracnet.com