You can isolate any PC from Internet attack; again, it is just simple common sense and good security.
Unless you're running vulnerable apps on the network to access things, or there is a way for a remote server to access a vulnerable app running on one of the machines. You can isolate any PC from internet attack by unplugging it from the internet, completely.
Your security is only as good as your weakest link. Every program you allow to access the internet, or be accessed from the internet, represents a risk. If those programs are old and unpatched, that risk is significantly higher; sorry, but that's just common sense. Your average person's PC is going to be used for day-to-day tasks, and potentially have a large amount of vulnerable software in direct contact with the internet; using old and unpatched software in such a case is irresponsible at best.
As I've said, we live in an age where a malformed image or document file can compromise the entire security of your PC, and no firewall is going to block every single image, piece of Flash, and PDF document 'just in case'. An antivirus might save you on those, but again, only if you actually keep it up to date with the latest patches...
As for the "it's not my problem, I don't care if I get infected, I only use it for games" guy, sure... but as I said, your machine then becomes part of the problem: it's attacking other machines, acting as a cloak behind which people can hide, acting as a spam relay, and quite possibly acting as a storage FTP for god knows what.