This misleading story is based on a report with a methodology issue
I agree with the Dennis reports conclusion: If you run XP SP3 with no additional patches, IE7,old versions of Flash and Adobe reader and do not care about performance, Microsoft Security Essentials aint your solution.
This platform was picked " due to the high prevalence of internet threats that rely on this combination." The "logic" behind this statement in the report boggles me: "The prevalence of these threats suggests that there are many systems with this level of patching currently connected to the internet." Wikipedia indicates that the most common IE version on the web for at least the last two years has been IE 8, not IE 7. In 2012 it might be IE9.
I suggest that the prevalence of these threats is because they are possible and well known, and have nothing to do with the number of potential targets.
This misleading story is based on a report with a methodology issue.