How does one know which sites are "dodgy" or "safe" before browsing to them on an unprotected machine?

Upgrading the OS, rather than buying a newer PC with pre-installed OS, will likely result in unacceptable system performance for most people in this situation. OP didn't mention the hardware specs of his particular machines, but most consumer-class XP computers weren't built with the hardware required to efficiently run Windows 7 or 8. Recommended system requirements for XP SP3 were 300 MHz CPU, 128 MB RAM, and 2.5 GB HDD. For Windows 8 it's 1000 MHz CPU, 1000 MB RAM, 16 GB HDD, and DirectX 9 graphics card. A typical new Windows 8 mid-range consumer desktop PC (~$1200) from Costco or Best Buy comes with a 3.4 GHz multi-core CPU, 16 GB RAM, and 2 TB HDD. That's a Really Big Difference.

Editing the hosts file to block/spoof the domains of malicious resources may help, but I'd hardly describe it as a "very good layer of security". This strategy depends on having a current and inclusive list of known malicious websites, the skills or utility to update or replace your HOSTS files, and the discipline to do it regularly. In the end it doesn't do anything other than block access to the websites or servers specified in the current HOSTS file. More info here for others that may be interested.

It's not perfect, but it does work, and has been useful to me so far.

Watch the lower left hand corner of your screen while you're waiting for the page to load, and you can often see who's downloading stuff to you. Copy the url and add it to your list.
That's the site I used. There are others with other lists. Or, you could combine them (I'm thinking something like cat list1>biglist cat list2>>biglist ... cat biglist|sort|uniq)

Depends on how much a creature of habit one is; one can experience a very great deal of what the internet has to offer within a relatively narrow range of known sites these days. *.google.com, en.wikipedia.org (and other sites run by the Wikimedia foundation), your own business relationships accessed directly via known URLs, etc.

OTOH, a late-in-cycle XP system purchased shortly before or after vista came out will be well in excess of what's needed to run Windows 7 properly, and the actual specs required to have a decent experience have not changed much in the past 6 1/2 years since Vista came out (~2ghz dual-core CPU [or 2.8ghz+ Pentium D], and a minimally-capable GPU*; the only big change is that while 2gb was fine for most people when 7 came out, it's kinda marginal now.)

[* which is basically the GMA 950 -- dating to 2006 as well -- at least on Windows 7; the 950 wasn't really adequate on Vista. ]

For desktops, there are some machines going back to Q2 2005 which are still fine, although I'd consider any laptop predating the Core 2s (late Q2 2006, IIRC) as not worth upgrading.

Also, $1200 is no longer "midrange" for anyone but an enthusiast, and those specs are specific to desktops. Laptops tend to be a good bit slower still, and outside of some niche uses, nobody much minds (although the very lowest-end machines are still IMO too low-end to recommend.) Also, as Chromebooks show, not everyone needs much local storage anymore -- a 2TB hard drive is nice if you have a lot of downloaded or ripped media files, or take a lot of photos (and don't use the cloud in the latter case)... it's overkill in most others.

I find it more useful for adblocking than for security, but given that some attacks DO come via ad networks (especially on some of the known adult and torrent sites; the unknown ones are likely to be hosting attacks locally!) it's a decent, if small, bit of security.

Whitelisting Javascript, if you can tolerate one of the solutions to do it, is a better solution.

cat list1 list2 list3 | sort | uniq > hosts

The only problem is that lists are not consistent in how they do whitespace between the ip address and the hosts, or the comments, so you'd probably want to use some kind of cleaner to handle that (or even just a little bit of awk.)

There are also some hosts-file management programs. Haven't used any of them, but they might be a good solution for the less technical.

Yeah, iI know, I know. I'd probably use a sed command. The only thing I'd really worry about is the whitespace between the IP and the url.

The script as written is probably bad syntax, too. But, the point was to show it wouldn't take much to do the job, and maybe get a little street cred from other geeks on the board .

I just about have full-affect PTSD from Office 2000 Product Activation and the large number of product keys that would not activate online or over the phone for months after release. Microsoft had to send us replacement media and keys to get our Office 2000's activated.

Cry.

No, not really, because I expect all the XP computers in the house (3 right now) to keep working, and I will do whatever I can to keep them working for as long as possible. Just a bit sad Microsoft is blowing XP users off. I would mind less if its latest alternatives were clear improvements, but they're not.

The company I work for bought me a laptop recently, Windows 8. Took me days just to get used to using it. Today it died. Black screen of death. Just a *pop* in the middle of what I was doing, and wouldn't reboot. No emergency bootup options, no recovery options, no booting into recovery partition option, nothing that worked by pressing F9 or F8 or shift-F8 or anything else. Going back to the old computer to google solutions, I found that the Windows 8 black screen of death is not an uncommon occurrence among other users. I had the shiny new things for all of 5 weeks.

I have always thought Windows 7 to be very solid.

I've been using Win8 for a while (using it right now). I just use Start8 which restores a Win7-style Start menu and boots directly to the desktop.

With it, I can pretty much just ignore the Modern tiled start screen and Modern apps.

However, Win7 is solid and will be supported for quite a while. If you're thinking of moving of XP, it's a good choice, depending on the hardware. Main thing is to throw as much RAM at is as you can. I tried it on a laptop that has 2GB of RAM, but it was a lot slower than XP.

Life goes on as usual. The one box with an MS OS on it will continue ticking with XP, makes zero sense to invest any money/time in a new OS + upgrading the hw - the rest is OSX or Linux ^