[sqeaky]

I think you are grossly understating the difficulty of penetrating actual defenses.

Once a vulnerability is used it is likely to be patched. A group that cannot be coerced to do something for you will close vulnerabilities as it learns of them because they are liabilities.

Also, moving away from microsoft will likely lead to the end of software monoculture. You need to research those vulnerabilities for each target. Oh, and it it would be much more than a fewer hours of research.

[mandevil]

Gah, this brings me back to the glory days of slashdot.

The software monoculture exists because of USERS. The vast majority of users don't want to have to learn three different OS, look+feel, GUI rules, etc. They just want the goddamn excel file that the CPA sent over that they need for their accounts receivable report to OPEN. Trying to convince governments to go to FOSS doesn't well work because the users slip back to things so that they can do their job the way they know how.

See, e.g. the city government of Munich, which after a decade of trying never got above about 60% of their users to switch to Linux, and is considering abandoning the effort.

[sqeaky]

For people outside the United States, switching away from microsoft really is a matter of national security (It kind of is inside the US too, but that is a different argument). If leaders of a nation allow their civil servants to be so lazy that they damage national security they deserve whatever results they get.

Using new software today isn't like it was in the 90s, the OS is much less important. UIs can be delivered by web and all the user friendly UIs (all mobile OSes, and no desktop OSes) area ll similar enough that many users can't tell the difference. If this is the barrier to someone's national security...