They're getting their asses handed to them by malware. They have a huge attack surface of users on various versions of Windows. Forced upgrades reduces that attack surface of older versions of Windows.
That's all I can think of. In open source software where this is more transparent, computer security is hard. Backporting fixes is harder, and expensive, and has its own risks. Microsoft can't be immune to the same problem.
I don't believe a single second that Microsoft is adopting this hard line for security considerations. They want to monetize their users. They want them to watch their in-OS ads, they want to accumulate data on people, they want them to go to bing for search, etc.
Exactly. If Microsoft cared about user security, they've had the last three decades to do something about it. This is all about monetization and tracking.
They can address security issues (as they always have) without forcing an OS upgrade.
The low-level 'attack surface' is mostly unchanged. Windows 10 is not a total rewrite of Windows Vista/7/8, or anything close to it. As proof of this assertion, you'll note that most security patches that apply to Windows 10 will correspond to equivalent patches for earlier versions.
