As with vaccinations, patches protect the host from nasty things that the vast majority of people simply don't understand.
This is how consumer software these days should be: self-updating with zero input required from the user.
Windows Update is the default position; you install the operating system (or receive it pre-installed from your hardware vendor of choice) and it looks like this: And then you go about your business.
By pure coincidence, I rebuilt my desktop machine over the weekend and left Windows Update to do its thing which consequently meant getting a bunch of patches: I start work early in the morning and often finish late which means I don't want things restarting on me while I'm busy so I customised my active hours: And there's a bunch of other configurability as well which I won't go into here.
A portion of them will monitor the various patches and apply them as required, for example organisations with managed desktop environments (although again, as Wanna Cry demonstrated, there are some serious shortcomings in many orgs). They may also be Wanna Cry'd or Locky'd or whatever else but that's their prerogative and so long as they know the risk they were taking, I'm kinda ok with that.
Obviously they're in Windows, same with Mac OS and i OS, same with browsers like Chrome and Firefox and same again with the apps themselves on a device like your i Phone by virtue of the App Store automatically keeping them current.You know what really surprised me about this whole Wanna Cry ransomware problem? Not the breadth of organisations it took offline either and no, not even that so many of them hadn't applied a critical patch that landed a couple of months earlier.It was the reactions to this tweet that really surprised me: When you position this article from a year ago next to the hundreds of thousands of machines that have just had their files encrypted, it's hard to conclude that it in any way constitutes good advice.Often, the updates these products deliver patch some pretty nasty security flaws.If you had any version of Windows since Vista running the default Windows Update, you would have had the Microsoft Security Bulletin known as "MS17-010" pushed down to your PC and automatically installed.Point is that straight out of the box, updates are being applied and it's easy to minimise the adverse impact by virtue of defining those active hours.