Yes, Windows XP can certainly run that way.
It’s funny, we sometimes forget that when Windows XP first came out over a decade ago, networks weren’t as common as they are now. So yes, running XP, isolated as you suggest, is one way to reduce exposure.
Keeping it useful
But it’s equally critical to realize that your machine is still exposed, at least if it’s to be useful. (For example, many people are wanting to keep XP specifically so that they can run Outlook Express, which requires a network connection to be useful.)
Isolation can actually sort of make things worse.
The issue here of course is one of preventing malware from reaching the machine. Since the majority of malware is delivered in email attachments and downloads, cutting the net, so to speak, renders those those delivery mechanisms impossible.
The real problem here is that network based delivery isn’t the only delivery vector.
For that XP machine to be useful, it probably needs to have data copied either to or from it on a somewhat regular basis, be it on external hard disks, USB thumb drives, or even floppy disks. All of those are ways that malware can still make its way on to the machine. Malware has most definitely been known to propagate over USB thumb drives.
Extra precautions help, but…
Now, most users will say that they’ll take extra precautions, for example, scanning those drives for malware on another computer before attaching them to the XP machine. To be honest, that’s probably about as close to a perfect solution as you can get while still keeping the machine useful. But, it relies on some one running a scan each and every time before moving a media device of any sort from one machine to that XP machine.
Each and every time. So, don’t forget.
The worse part is simply this: the XP machine can no longer reach the internet, and that means that any anti-malware tools on the XP machine can no longer update themselves. Not only can they no longer download software updates, but more importantly, they can no longer get updates to the database of known malware, updates that we typically recommend should happen daily.
With the drying up of XP support, it’s those anti-malware tools that take over as the first and best line of defense against malware on the machine. In a case like this, those tools will be hamstrung by their inability to connect to the net.
So, there remain risks, absolutely. But not connecting to a network and being exceptionally diligent scanning any disk or device that might connected to that XP box can be one relatively effective way of keeping it as secure as possible for as long as possible. As long as it’s still useful to you disconnected from the network; and as I mentioned earlier, that’s not the case for many people.