In the enterprise area, we are long beyond being long beyond on patching as just part of the cost of ownership of a Windows PC or server – about 8 years beyond that. Even for OSs that haven’t been attacked as much or had as many vulnerabilities – really not news that you have to patch or you have problems.

Just as when you buy a car you know you have to change the oil every 3,000 miles – when you buy a computer you know you have to patch it once a month. Change your home air filters; rotate your tires; brush your teeth – all of these are just accepted normal costs of doing business, same with patching.

On PCs it isn’t even hard. On servers, it takes more work – shielding approaches may be sufficient for many, just as I can decide to change my oil every 10,000 miles and take my chances.

Perhaps malware exposes real consumer expectations; purchasers may not realize that there is much work and expense to provide due diligence on their windows systems. Others may refuse and some folks are just unable to do so.

Would the outcome be different if there was a warning label on the box that said that approximately n% of the rest of your life will be occupied protecting this system, after one installs it and as long as it in use?