Computer security is not a final destination; instead it is a series of side trips, not unlike a trip across the country. The first time a user boots up their machine and enters into the World Wide Web, they are exposed to a wide variety of threats. Some of these, such as viruses and Trojan horses, are entirely malicious in nature while others such as adware are not meant to be malicious, but can still seriously affect the ability of a computer to function properly. As the user continues their journey, they are forced to stop periodically, review known threats and download and install patches before continuing on, secure in the knowledge that their computer is protected from the latest threats. This is a never ending process.
Developers, most notably Microsoft, have developed a tool aimed at making this process much simpler: automated updates. Most versions of Windows have a feature which, to varying degrees, regularly queries the Microsoft server in search of updates, patches and fixes to known threats. Depending on the settings, the machine then either automatically downloads and installs these fixes or asks the user for permission to do so.
That sounds like a good idea, a way to take the drudgery out of computer maintenance, but there are risks as well. For example, recently Microsoft released a patch designed to address some security issues. The patch required a previous update in order to be successful. Computers that were set to automatic install that did not have this prerequisite ended up being seriously compromised. The patch, without the prerequisite effectively hosed the system, giving users a fatal error upon start up.
There is no straight course towards computer security. The role automatic updates play is unclear. Some users believe in them whole heartedly while others prefer to perform manual updates. Regardless, every user should have a trip tick to security.