"The short answer: Updates are worthless if one does
not apply them.
"Once again I find myself cleaning malware off of a home user's
Microsoft based notebook PC. Once again, while it has anti-virus
software installed it was infected by a "drive-by attack" from a
web page. It was infected with the Antispyware Soft fake
anti-malware nag and FUD software. The installed Norton Antivirus,
which is up to date, did nothing to stop this attack and was then
disabled after the malware got on the system. What happened?
"As I type this article the notebook PC's Microsoft system is
downloading and applying updates. Many updates. At least a couple
of years of updates. Maybe more than that. The IE browser was
pre-IE8 and was not patched with security updates even then. The
Firefox browser, which is set as the default, was also not up to
date. If the system had not been infected and given into the care
of my company to clean up it would likely never see another
software update applied. Even though the system was set to download
and apply updates automatically, the scheduled time was set for
3:00 AM. A time when this notebook PC owned by an older lady will
never be on."