Constant updates are too much for people. I help people everyday and there are always updates to do. It overwhelms people and ultimately causes worse security.
See here is the thing. Anyone who doesn’t do IT doesn’t care about updates. We IT people have talked till we are blue in the face, but to the average computer users updates only cause problems. It either slows their computer down, causes new problems, or changes things and people hate change. So when you tell them that it will secure their computer from hackers, they say “It won’t prevent a hacker from getting into my computer.” The thing is, that is completely true.
The truth is, that even when you update the system there are always hacks that aren’t public. For example, I have talked about Apple only updating its users of security problems when a fix is available. While that may make sense for consumers, for business it doesn’t make sense at all. Some businesses like financial markets need to know this information as soon as Apple knows it, and withholding it only hurts the weakest and most vulnerable businesses.
Now of course every business has many ways to stay safe. It can’t depend on just one system. However as a consumer relying only on Apple is a mistake. Yes it has fewer security problems in some ways than Windows, but it also is a big question mark with things that Apple doesn’t share with us.
This is the biggest problem I see in Apple and updates and security in general. When you ask people to update to keep their system safe, you make the users responsible for something that the vendor (Apple/Microsoft) should be responsible for. This is never going to help people secure their systems. In this way, asking people to update their systems is so incomplete to help them feel secure. People need multiple levels of many systems to be safe.
Simple solutions are often wrong.