XP S.P. 1 with NIS 2007. Maybe soon want to upgrade to NIS 2010, but needs XP S.P. 2

Old computer, laptop, which hasn’t been used in about 18 months still has Windows XP s.p. 1 and a now out-of-subscription installation of Norton Internet Security 2007.  I can’t (or just not supposed to?) install N.I.S. 2010 because this requires Windows xp s.p. 2; but if I find a way to go online internet to upgrade Windows XP, then I’m putting the computer open to infectious files; but I could not install NIS 2010 because the machine has xp sp 1; so I’m stuck.  Ideas?