Same with Windows. We have a golden image we use for all of our OSes, be it Linux, AIX, HP-UX, Solaris, Windows, whatever. We don't do installs, we lay down images. For AIX, I have 4 different images based on the 4 different apps that we run on them. For Linux, I have 5 different images depending on what it's going to do. Windows, we have 3 different images, Solaris only 2 (one Solaris 9 and the other Solaris
2.7), and way too many HP-UX images (3 different baselines just for the hardware alone).I've never babysit any of my systems, Windows or Unix unless I have a hardware problem. As many times as we go through patching of software or software upgrades (damn suits always want our apps do something different, even if it is going back to doing the exact same thing it did
3 versions ago), nothing stays static regardless of the OS it is running on.No, I don't keep dicking around with it. Yes, there are a lot patches for Windows showing up as critical patches, but you would spend just as much time with Linux if you try to keep up with all the patches for it. When you are writing and hosting banking software, it doesn't matter what OS you are running, you have to keep one step ahead of ANY possible security hole, and that means patching a lot, be it Linux, AIX, Windows, FreeBSD, whatever.
Windows will run unpatched for long periods of time, just as will Linux, but I'm not going to trust your bank account to either of them having a security hole in them.