Talk to us about the possibility of wrapping that Windows XP (or 2000 or even NT 4) app and running it under Odin32. Similar to running an application in a container under Linux, the application itself is the only thing running in a Windows-compatibility environment, while the rest of the system is not subject to Windows security vulnerabilities on the LAN or on the internet. In this configuration, the only user training required is getting the system booted, authenticating to the network, and clicking the program object to start the same Windows application with which your users are already familiar.
Have a Windows application which requires LAN transport, but the version of Windows now in use is too outmoded for the latest file transport security? No problem. Applications running under Odin32 on ArcaOS which need to access network shares may do so using the integrated Samba 4 networking in ArcaOS, which appears to the application to be a local drive. All authentication, security, and transport encryption (if so configured) happens at the ArcaOS level, outside the Windows environment.
Maintain your critical applications on OS/2, DOS, or 16 or 32-bit Windows, on modern hardware or virtualized, while running on a secure, stable, maintained platform: ArcaOS 5.
Note: Any application accessing the public internet may be at risk. ArcaOS itself cannot defend a Windows application running under it against such exploits, if that application is vulnerable to attack.