Given the likely vector of attack, the best thing that anyone can do is disable the "autoplay" functionality in Windows XP. That's what runs a program automatically when you plug in a USB stick (or even put in a CD/DVD).
There's a PowerToy on Microsoft's website called TweakUI that does exactly that.
WOW!
Thanks, I’m going to pass that along to my husband.