> So, why do they not deploy?

Because of the number of bad patches Microsoft has released over time, causing many problems with software that worked fine before.

People are afraid of "What will fail now after i deploy this patch?"

While it's nothing different for any OS, it still is one of the considerations, and having a bad track record doesn't help.

> Is it because they are afraid of the downtime?

Definitly, not so much the downtime that is caused by a reboot.

But more for the interactions with other software running on the box. People need to do QA on all used applications in an environment before they can deploy an update.

This is not only because of the bad track record MS has with patches, but it doesn't contribute in a positive way of how people think about patches.

>Could be, so we have to work harder to reduce the number of

>  reboots (is this different in other OS?  I do not know but I

> doubt).

Yes it's different for other OS's. This is one of the several fundamental design flaws of Windows.

> Is it the tools?

I don't think so.

> Is it lack of knowledge?

It's a factor.

> Is it ignorance?

That's another factor, but i rather would pile that up with lack of knowledge. Because they don't know they don't care..

Especially marketing the product as the "safest" windows yet, while entirely true, does tend to decrease the emphasis on security that everyone should have.

And security doesn't stop at updating the OS with bugfixes.

It doesn't even start with that.