I don't let anything auto update,
everything is set to manual or disabled
I don't allow updates of anything automatically
Flash, Acrobat Reader, etc. don't get any permissions to do anything update-related
when it's time to update Flash
I remove it first, then get the offline installer to install the newer version
every other app I install, I disable the check for updates if it has the capability to check for updates
even the add-ons for Firefox are set to be checked manually
and only while on a trusted network (namely: home, or office, never on "public networks")
do I check
Firefox itself is also set to not look for updates automatically
Windows Update is set to DL & notify only
then I check the KB numbers first thing after I get the notification balloon
(and I get a little grumpy when I get the balloon for out of band updates, good thing those are rare though)
it looks like a lot of work but it really isn't
it's actually less work than letting everything go automatic, and having things
foisted upon me while in the middle of doing something else
it stinks to have a bunch of things open and be forced to close the browser or windows
or both etc.
especially the junk Windows Update pulls if the group policies aren't changed
to disable the install updates and shut down from the shutdown menu
no security model is perfect,
and I can see how maybe the "Possible exception(s)"
could catch someone off guard though
so we do our best,
and I have yet to get a system infected through my own web activities
have had many infected systems handed to me from DOS to Win7
but never any of my own
one day it could happen, never say never
and in that case my tool of first choice would be last month's Backup Exec full system drive image