Re: It is the apps tied to ActiveX that cause the problems [and more important matters].
"That article tells Microsoft to do the work for free because they had money... It sounds like a disconnection between academic and commercial environment."
1. That's not the way I read it. Rather, my take on it is that Microsoft has made such vast sums of money simply because it opted out of its social responsibility to develop good code in the first instance (on evidence, a very deliberate decision on its part)—and that it took this course of action because it was NOT compelled by any law to ensure that its software products worked properly and securely before they were released. Certainly early on, the only things that mattered to Microsoft were its rush to market and maximizing its market share; security was hardly even on its horizon.
2. You have not addressed the other very real issues [usability difficulties, etc.] as to why users do not upgrade. (Presumably, as an Anonymous Coward, you are a software writer or developer and these points have hit a raw nerve.) These issues are very real concerns for many users and they need to be addressed by not only Microsoft but also the software industry as a whole.
3. As far as end users are concerned, the software industry suffers from very serious problems—major systemic issues that not only hinder software development per se but also ensure that software is much less secure than it ought to be. Specifically:
(a) The industry obfuscates its dirty linen behind the fact that source code is compiled (i.e.: remains hidden from users and security personnel alike). Thus, as source code cannot be analysed by third parties, design errors, bugs and security faults escape independent scrutiny to the perennial disadvantage of end users.
(b) The laws of most—probably all—countries militate against fixing these problems in any truly effective way and have done so for many decades. The lack of software 'fitness for purpose' laws essentially forces end users to use software 'as-is' without any guarantee that faulty, buggy and insecure software will ever be fixed by vendors—this is especially relevant where software has been licensed for monetary profit (as in most other parts of the free market warranty laws, etc., actually apply).
Moreover, this already inexcusable situation is aided and abetted by mad, lopsided and very unfair copyright law—the DMCA for instance—where it even stops users and/or independent investigators from investigating bugs and security faults (at risk of their liberty and freedom).
Furthermore, recently we've seen the truly detrimental effects that have resulted from the absence of appropriate software law that would require commercial software source code to be opened up to scrutiny by third parties in order to protect users against shonky and dishonest software developers; for example, the outrageous Volkswagen emissions scandal. In a democracy (or for that matter any civilised society), the fact that such laws do not already exist is nothing short of being outrageous. How many people have to die because of faulty software produced by shonky developers before legislators will act?
(c) The lack of adequate and satisfactory law to regulate and govern both the quality and security of software has seriously hindered the technological development of the software industry over many years; in fact, its lack thereof has effectively stopped it from becoming a proper engineering discipline/profession (as, for instance, chemical engineering is). For—as past decades have shown—without any such law or regulation, the industry—whose self-discipline has been demonstrated on myriads of occasions to be as rare as hens' teeth—has little or no incentive to improve itself; the only effective incentive being the default one—that of monetary profit (hence the huge and obscene profits made by companies such as Microsoft, Google etc.).
When there are precious few if any constraints on an industry's actions (as in a world full of insects without any spiders), bad behaviour runs amok exponentially.
With respect to the last bullet point, (c), before calling me a nark or going into flaming mode, I'd suggest that I'm far from being alone in this assessment. I refer you to the following article: Software's Chronic Crisis, W. Wayt Gibbs, Scientific American, September 1994, p. 86, which is aptly prefaced by the comment: "Despite 50 years of progress, the software industry remains years-perhaps decades-short of the mature engineering discipline needed to meet the demands of an information-age society."
Here is the PDF version and this is an HTML one.
One must consider this SciAm article was written close to 23 years ago—that's nearly a quarter century ago, which is utterly eons in computer time. Also, now consider the many security issues that currently surround the WannaCry/WannaCrypt virus (and the various implications that arise therefrom), thus—as far as the end user is concerned—one is left with very little choice other than to question whether any practical (i.e.: effective) progress has been made in computer science since the time that article was written.
With the plethora of evidence that's available and able to indict the industry on this account, there's precious little doubt that any reasonable person, even after applying the tiniest modicum of logic, could conclude other than that W. Wayt Gibbs was spot on target all those many years ago.
It's a tragedy the software industry has made so few really relevant improvements over these intervening years.