If the machine is on the Internet, it needs security updates. Let's take that as an inviolate law of nature:
If the machine is on the Internet, it needs security updates
This isn't a proprietary vs. open source thing, this is a "level of effort" thing. Microsoft right now, if they discover a security bug, has to create a patch for:
* Windows XP SP2 (thanks to all those "extended support" buyers; the US Navy has purchased support through June 8, 2017, and they are not the only ones)
* Windows Vista (yup; also "extended support" for another year)
* Windows 7
* Windows 8
* Windows 8.1
* Windows 10
Why does that matter?
* It requires (up to) 6 times the development time to develop a fix for the bug
* It requires 6 times the QA time
* It makes Microsoft far less responsive to bug reports because of the time required to come up with a fix
* It makes Microsoft set the bar higher on what bugs are "fixable" because of the cost of coming up with a fix
It makes life difficult for everybody, and it wastes a ton of time Microsoft could be spending making their product better instead of constantly digging around in 17-year-old code.
Let's say you're Ubuntu, you're all open source-y and have that warm fuzzy feeling. You want people to use their 10-year-old OS installs, no problem. Let's be generous and only include the long-term support versions, because I want to save on typing:
* Dapper Drake
* Hardy Heron
* Lucid Lynx
* Precise Pangolin
* Trusty Tahr
* Xenial Xerus
That's also six versions you have to update every time a security fix comes in. (Potentially) 6 times the code to create the fix, definitely 6 times the QA time, etc. All the same problems Microsoft has, but this time in your open source dreamland.
That's a huge, huge waste of effort that could go towards actually making the OS better.