He was both right and wrong -- patches do break a lot of stuff. He was facing two problems: the probability of being off the air because of an attack versus the probability of being off the air because of bad interactions between patches and applications. Which is a bigger risk?
That's an argument for an organizational test environment and testing patches before deployment, no? Not an argument against patching. That said, I would LOVE to see MS ship a monthly/quarterly unified updater that's a one-step way to bring fresh systems up to date without slipstreaming the install CD. Then press a zillion of 'em and put them everywhere you can find an AOL CD, for all those folks on dial-up who see a 200MB download and curl up in the fetal position and whimper.
It's not an easy question to answer. One scenario that scares me is what happens if the April Patch Tuesday takes out, say, TurboTax, just as Americans are getting ready to file their tax returns.
<cynic mode> No need to worry about that until MS TaxForm starts shipping. </cynic mode> -- Dave Pooser, ACSA Manager of Information Services Alford Media http://www.alfordmedia.com