richms: I lot of custom software is plainly retarded. I know of a place that was still using an unpactched really old IE because they needed the username:password@site logins to work for some braindead half-assed client that used that to authenticate to an external server, and that was only last year that they were still using it.
Alarmingly high number of IE6 clients from corporate IPs hit a friends website too.
People forget that patching DOESN'T mean installing new versions of software, you can roll out IE7 or IE8 but also keep IE6 deployed and roll out the security patches for that client. There is no requirement to upgrade versions, Microsoft are very good with their product support lifecycle.
If they are running IE6 on Windows XP Professional they can continue with this version and get security patches until 08/04/2014.