windows xp(still perhaps the best OS ever designed) became somewhat a security risk when microsoft stopped providing updates earlier this year. technically there is a chance that a supercareful user who locked down almost everything could use it quite safely online but any existing or yet to be discovered flaws will never be fixed so as time goes by xp becomes more and more vulnerable. infections can arrive in many ways but they almost all come under the following classes.
1. from a downloaded file. a downloaded file can carry a virus, you deliberately download it from somewhere either using your xp machine or as myrti mentions on another machine then transferring it by usb/cd.
2. via infected "hardware". usbs can carry viruses as can cds dvds and other removable media. the viruses in these may occasionally be pre-installed by a criminal manufacturer or more likely get onto them when plugged into an infected computer. unless it's brand new from a manufacturer you trust, or has only ever been plugged into computers you absolutely trust and never had an exe file written to it then don't put any removable media into your xp machine.
3. via drive-bys,ads and dirty tricks. this is what xp is becoming more vulnerable to since support finished, it's also one of the most common means for viruses to spread. the user doesn't need to make any deliberate action just visiting certain pages, seeing certain ads(sometimes on pages of a legit site, a criminal can design an infectious advert, spread it through an ad network who then places that ad on all sites(major software sites,news sites,forums,etc) they provide ads for), or pure bad luck can lead to these infections. the only "defence" is keeping your antivirus, OS, browsers, plugins,flash,java,etc up to date, even then you can be infected via newly discovered routes before updates are ready to prevent those attacks.
if at all possible the safest thing to do is keep the xp machine offline entirely, fully "air gapped" from any other machine but if you are very careful about doing multiple scans with antivirus on a second machine then you might be alright to transfer files via usb from this second machine to the xp one and back(as long as the second machine isn't infected and you are very careful about what files go onto the usb). windows 8 and 7 may have less intuitive interfaces but running one of those OS s on a second machine would be best for security, or running linux or mac operating systems on the second machine. with this air gap setup you will also want to have an antivirus on the xp machine scan every usb you plug into it when you want to put more files on it (you downloaded an image on the second machine that you want to use as an illustration in a word doc you are working on), but the antivirus on the xp machine will quickly have it's definitions become outdated so it can only protect against obsolete viruses.
if you want to keep using the xp machine here is the solution i would come up with...
you will need two machines( a far more secure setup than trying to get one piece of hardware to run two operating systems), the current one with xp and another with a more secure OS. make sure this second machine: runs the best antivirus protection you can give it, never has a new program installed onto it, always has it's current programs kept up to date, does not run java, avoids flash where possible, keeps all plugins in it's browsers either totally disabled or click to play,never downloads an exe file,never browses with internet explorer,has several on demand second opinion antivirus scanners (malwarebytes is a great one, this site also some other good ones in it's downloads section), uses "noscript"( a plugin which provides a first line of defence against advert malware and drivebys) in it's browser. then with this second machine set up you can use it to download a file from the internet(and do internet surfing), save this file(do NOT open it), scan it with your main antivirus, scan it with malwarebytes,then open it on your secure operating system machine, check that the extension is one for a safe file type, then save it to a usb. scan the usb with as many scanners as you have on the secure machine. then you can plug the usb into the xp machine and copy the files off it onto the xp machine. it would be nice to use a scanner on the xp machine to scan them again at this point but as i said earlier an antivirus on the xp machine will soon become outdated if the machine itself never goes online(you might be able to transfer new definitions across by usb but that brings another infection hazard as they would probably be exe files and other types which are dangerous if tampered with). the only way to be sure the xp machine can never get infected though is to not even do this, any type of internet connection into it can be vulnerable to driveby like attacks even if the browser on the xp machine is never opened or used to surf anywhere, and if ,despite the many efforts described above, the "secure" machine get's infected then the xp machine is sure to follow. the two machine set up lets you benefit from some aspects of the internet without the full risks and will probably soon be replaced by you just learning to do everything with the secure machine and leave the xp machine as a reminder of "the good old days" and a memorial to the software we all loved, that is what has happened with mine.
Back on this site, for a while anyway, been so busy the last year.
My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB