It's probably actually because their systems are so outdated that they are using paranoia induced security precautions to prevent any problems.
Personally, I simply prevent my users from opening any form of unauthorised executable code, which reduces the number of possible infections down to zero unless I screw up and authorise a virus.