As with any software, don't buy from unknown sources unless you're happy and confident to verify the contents. Even with a download you should confirm the checksums (and MD5 isn't enough). Linux Mint had a recent attack where at least one ISO was
subverted to carry a payload and download links were modified on their site to point at the compromised image. I doubt they are alone, but the Mint team are more open than many and have made full disclosure.
@swee'pea99 This isn't intended to discourage you. XP is terminally flawed and unsupported from a security point of view. Nobody should be trusting their personal data to it these days. (I work for an employer that still runs XP on most desktops
) As
@martint235 suggests upthread, install your ISO to a disc or USB stick and try before you commit. It will run a bit slower from disc but it will give you an idea of your hardware compatibility.