[cmurf]

And what about the lesson that software should be mortal, and should one day die? By what metric is, e.g. Windows XP, subject to evergreen updating to mitigate (prevent or reduce impact of) this exact scenario, forever? Does Microsoft have the right, and even the obligation, to remote detonate all Windows XP in existence on a certain date?

Perhaps EOL should be literal. The software kills itself and does not function.

The lesson I'm getting is our software can become malicious, and that malice can spread like wildfire. Is a company obligated to patch any wildfire type of bug forever? Is that a cost of proprietary software? Or is setting a date for its death the cost?

I think aging proprietary software has a much greater chance of becoming a weapon than it does becoming inconveniently obsolete. So forcing a company to release the code as free and open source software upon EOL date, I think just enhances the chances that it gets weaponized. There's a greater incentive to find exploits than to fix them, in old software.

Another lesson is most people really shouldn't be using Windows. If you can't afford to pay Microsoft to keep your software up to date, then use something that's FOSS and is up to date. (Same rule applies to Apple, if you can't afford new hardware in order to run current iOS/macOS versions that are being maintained, then don't buy stuff from Apple anymore.)