To what extent should software companies be made to be responsible for older versions of their software? Should only certain software products be held accountable? I believe that operating systems should that special case.
I believe that Micro$oft has seriously dropped the ball when it comes to security problems we see across the Internet. Micro$oft has accomplished this stroke of genius with but one move...not releasing security fixes for their old OSes.
As much as Micro$oft and PC makers might wish, the entire base of computer users cannot all upgrade to the latest OS at once, leaving no sign of the old systems and software. The reality of the computing world is that old OSes continue to find homes and be used. Why? Because that old computer in your uncle's attic is only a 386, but heck if it doesn't run DOS and old educational games for your kid niece.
Worse still, there are installs of Win3.1, 95 and 98 in production environments, connected to a network, open for attacks by hackers to be turned into zombies. Am I advocating that Micro$oft spend their "hard-earned" dollars on old software? YES! They certainly have the resources.
I would be curious to find out how many of the reported zombie PCs are running these older unpatched OSes. Why attack new installs of Vista when you have so many other unprotected systems?