Sad, but true.
The number of infected systems with unpatched vulnerabilities for which patches have long been available is huge. Of course that provides a prime target for malware purveyors who, like all predators, are clever enough to go for the easy prey, the weakest links.
Some users will install a full security suite, add in a few extra anti-malware products and maybe one or two tools to guard the registry, and then do little or nothing to keep their installed programs properly patched. Sadly, their neglect all too often extends to their operating system.
We see these users all the time. Some come here laden with security programs installed along side ancient versions of Java, Adobe Reader, and Flash Player, not to mention obscure applications they've forgotten they have on board. These are the very same individuals who will shout and/or whine about how they will never ever again use Safe-O security software because they got ripped off... the danged thing didn't protect them from malware like it was supposed to do... heck, they even got attacked by some old infection that's been around forever. Safe-O is junk because it failed to protect them.
No anti-malware product in existence has the capability of protecting a computer against its most dangerous enemy... the end user.