I work with deleteable virtual machines which accesses the net from a control center which does not have access to the internet.
The ‘on the road’ laptop access Microsoft.com about 70% of the times for information and HP/Cisco/Dell etc otherwise. If I go here while on the road, I remote to a VM at home and use VNC to access this VM and surf here.
The same goes for ordinary surfing, but then I VNC to a 90 Day M$ trial which is then replaced even if not compromised.
In other words, where others rely on one or just a few computers/installs, I have all functions scattered across multiple VMs and work in a more decentralized way.
What they get by compromising one install is just the function and possibly the OS installed, not passwords, serials or whatever else for other functions. If there is a need for access to a share, that share is exactly one folder which has its own limited user not used for any other shares.
Could the difference lie there?