I started with DOS in 1983 so I know a thing or three about how DOS and Windoze evolved. Windows 98 was a very stable OS but was asked to run on very paltry and buggy hardware at the time.
Being on the 98 Beta test team, there was a reason we ended up with 98SE and it wasn't because 98 was very stable. 98 was an evolution of 95 bringing in USB support and DirectX for gaming. ME was the final take on the 32-bit overlay on a 16-bit subsystem (DOS), basically tarting up 98SE, adding the NT5/2K GUI and a handful of buggy features.
It actually had very very few exploitable vulnerabilities.
It had tons of vulnerabilities. Smurf, BackOrifice, PingofDeath, heck, there was a suite of tools packaged with a single GUI that could wreak havoc on 98 computers with net access (didn't even need to be internet, just on the same LAN). We used to have a ball printing to people's printers at Uni that were on 95 or 98, and you could just cancel the Windows network login screen to gain access to the computer.
Win 2K was "for business" but Microsoft panicked when Napster and file sharing took off and rushed to replace 98/ME with XP.
Windows 2000 (NT5) was the successor to NT4. Unlike NT4, Microsoft was pushing for more consumer adoption as they were moving everything toward the more secure 32-bit NT kernel and subsystem. However, 2K Pro was more expensive and compatibility with many games was still problematic, so they came out with ME, which had the 2K GUI.
Napster, Limewire, Azureus...etc. P2P wasn't the reason Microsoft came out with XP (which was in development before 2K even went gold). XP cemented the end of DOS-underpinned OS's, an era which Microsoft was keen to get behind it.
98 didn't require remote activation, neither did 2K or ME, but Micro$haft built remote activation into XP.
Which was easily circumventable with corp keys which many of us had memorized (same as for 2K and 98).
XP wasn't ready for general deployment as a consumer OS,
It was actually probably the best Gold OS Microsoft had released and was incredibly stable, which is why it is still in use more widely than either Vista or Windows 8, two successor products. Microsoft was forced to support it far longer than intended (and still provides dedicated security updates for it) because of how ubiquitous it became on embedded and automated systems.
it was from day 1 a trojan-hosting platform and was the reason why spam was able to become an industry (direct-to-mx SMTP spamming through infected / trojanized XP systems). By 2014, after 14 years, XP was finally locked down sufficiently to be somewhat safe to connect to the internet as 98.
That's nonsense. XP was the first Microsoft OS to have an actual firewall, which finally meant that you didn't get instantly pwn3d if you decided to raw dog the Internet. Popular firewall solutions like Atguard (later sold to Norton) and Zone Alarm that we used on 2K could be made to work on XP, but it at least had some manner of protection out of the box, unlike its predecessors.
Open relays (often Exchange, but not always; sendmail, Lotus and many others were also abused) were the primary reason for early widespread mail system abuse/SPAM. It wasn't consumer XP boxes. Orgs (often SMB's, they were likely the biggest culprits) would be running on-prem mail servers that were directly exposed to the internet with no security, and this was prolific. This is why the SPAM systems like SPAMCop went after restricting blocks that weren't designated to be sending that class of traffic.