They are only connected to an 'On Vehicle' network with no outside access.
hahahhahahahaahhaah ....
Thank you for my first great laugh of 2012 !
See Duqu and Stuxnet amongst other examples.
All it takes is a malicious system administrator (or a non-malicious system administrator with a dodgy USB stick) and you've had it.
Is your "on vehicle network" truly separate from the outside world ? How do you administer it ? I bet there's some form of live connectivity unless you've got strict security procedures in place with a true air-gap.
Not only will you not get security fixes with an expired OS, but you'll get no bug fixes either, and no chance of finding new third party software that will continue to run on an old OS !