[ksaj]

It's not unlike some very big companies that are continually out of date when it comes to patches. The reason in their case is not a lack of diligence -- they are testing those patches before they ever install them on a critical server.

It is worth noting that a huge number of atm bank machines are running NT well beyond the days Microsoft was trying to get people to stop using it. For those who worked with NT and with what was replacing it, the decision was a no-brainer. Even at Y2K. Where is the cost going to be, and how much should we expect?

How many failed patches have you ever installed? That's exactly what they are avoiding. Risk has a weight. Denial of service is a risk, and in many businesses, the potential DoS is a more expensive risk than what the patch fixes. It's also the same reason employed COBOL programmers still exist.