I'm not sure what you mean they can cancel and still enter windows.
As far as shutting down the pc on a wrong password, first I'm not even sure if this is possible at the windows login screen and second, wouldn't that just be a bigger hassle for you. If you mess up the password the power goes off, then you have to start it back up. If someone is trying to break into your computer, then they're going to do the same thing, just turn it back on and try again.
You can set a bios password so that they have to type that in before the system will even boot to windows. I would also reccomend making sure that you have an administrator password. By default, Win XP Home doesn't have one and doesn't ask for one during install.
hardware
prices 
