Of course, but the problem with updates is that you can never only get security updates... You have to get "feature enhancements" too... It would be nice to have 2 branches.
I don't mean just security updates though. I mean systemic security improvements coming from redesigns of components. Some of the changes are feature enhancements in the kernel too, some affecting security.
For all the criticisms of UAC or the Win8+ app store, I would sooner trust a sandbox on recent Windows than I would on Win2k. Even the XP SP2 era had huge security revamps that Win2k never got.
And there are performance things. I happen to know that Win32 message pumps have a better locking scheme on Win7 than they did in 2k.
The issue is that in order to get enhancements in the lower layers, you get forced into other bloat higher up.
Disclaimer, I spent a few years as a dev on the Windows team.