We run windows xp now, and support for patches is ending in 2014. Is there a way that an enterprise antivirus can protect against os exploits that will come out after 2014? Also, all of our pcs are behind a DMZ and all have firewalls with only a few ports open. For this example lets say we only have port 80 open. If there is an os exploit in the system can it be attacked through port 80? Does the firewall even matter in the case of an OS exploit? Please let me know, we would have to purchase all new computers to run W7, this is a big deal to our company, thanks for any input.