The Inquirer-Home
Comments
Hole-shuffling lottery

After watching Microsoft fruitlessly patching and re-patching all versions of Windows for over 25 years (and now seeing that the supposed 'golden-child' Windows 7 is following suit), I have developed a General Theory about Microsoft operating system security:

1) All Microsoft operating systems are designed with some significant minimum quantity of security holes which can never be closed.

2) These holes are experimentally discovered in the closed-source binary code by hackers. The hackers then have many a field day, creating botnets and viruses (that can also skip the following step 3), taking over people's computers and ripping off their bank account balances, personal identity and files.

3) Microsoft eventually responds by using some random-number generator (perhaps ball-machines similar to those used in many lotteries) to designate new coordinates to move these unpatchable holes to. Microsoft then issues these relocation "patches" each month on "patch Tuesday".

4) A host of "computer nerd" businesses then feed off the huge number of scraps that are left over (of people's computers that cannot be "rescued" by Microsoft's "better late than never" patch cycle).

5) Branch back to step 2, and the cycle continues ad infinitum (and apparently applies to all Microsoft OSes, past, present, and assumedly, future).

Hopefully, my airing this "theory" will not result in any lawsuits or other forms of corporate-bullyhood from Ballmer and Co. The only way to break this cycle that I can see is to jump off the Microsoft food chain and run something secure (and free) on your computer, like Linux.

posted by : Linux is your lucky number, 15 October 2009
@ Simon

There's definitely a "damned if you do and damned if you don't" involved here.
There have been a number of instances where a security patch has caused problems to one or more applications, but there are also plenty of examples of malware like Blaster and Conficker infecting computers merely because those computers were connected to a network. Hospitals here in Sweden have had X-ray machines and other computer-controlled devices fail because of that, and those most definitely don't run IE or other normally targeted applications, but just insufficiently patched OSs and AV.

posted by : Olle P, 15 October 2009
Conspiracy Theory

Who knows what these "updates" are? They could well be just seeing what software we have loaded - what's hot.

It's in M$'s interest to have us at their site each month - that's good marketing.

Other updates may well just be making more things insecure, so that we have to return to get it fixed.

posted by : RogerP, 15 October 2009
@ Malware Dick

Have you tried poultice?

I never had a malware, virus, trojan worm, update, service pack, or flu shot.

If one poultice doesn't do the trick, have another, and another, and you get the idea.

posted by : Dr. Fill, 14 October 2009
analyst

Hey Simon, Service Packs contain consolidated update patches :P

burn!

posted by : Jon, 14 October 2009
You don't need updates if you know what you're doing

In all the years I've been running Win XP, I've never installed any update patches apart from service packs 1, 2 and 3 and the patch for Conficker.

I can't remember ever getting a virus, trojan, worm, etc...

But then I know what I'm doing when I'm online - I use Firefox with NoScript and FlashBlock add-ons, have NOD32 and SpyBot S&D installed and up to date. Also use Foxit PDF Reader instead of Adobe Acrobat for PDFs.

I suspect the vast majority of systems with viruses are owned by stupid gullible noobs with no clue whatsoever.

posted by : Simon, 14 October 2009
If it ain't broke don't fix it.

Updates sometimes cause more trouble than they are worth. I'll take my chances with the security flaws. Five years and still running smooth with no updates, no viruses either.

posted by : Tom, 14 October 2009

Microsoft dumps a load of patches
