Originally Posted by Steve-J
Why don't you just set the computer to automatically download and update in the background?
And WRT to your network at work, I've never heard of anything like that. I assume that you don't use any firewall software? How the heck is ANYTHING getting installed? How the heck is ANYTHING getting into the machine without your knowing in detail?
Just hooking it up to your LAN results in viruses? You've got major unusual problems in your network. You need serious professional assistance with it. There are plenty of turnkey solutions that would eliminate your problems pretty much 100%.
What you describe is nothing short of bizarre.
If you enable automatic background updates, many will result in your system being rebooted automatically. Great way to lose data. I do my Windows updates manually on my work PC.
As for being compromised simply be being placed on the network, this is far from 'unusual', though there are trivial steps that can be taken to reduce this, the first being to enable the desktop firewall. Windows security has obviously improved, but I remember back during XPSP1 days, an unfirewall PC placed on the internet would be compromised within minutes, usually by botnets that were scanning IP ranges for port exploits. These system had the exact problem described, of being compromised before you could download and install critical security patches and security software. If systems on your local network are already compromised, then without your local firewall enabled, you are as vulnerable as a naked PC on the internet. A lot of organizations might not force local firewalls on, if they feel protected by their network firewall. Default enabled hidden shares (C$, Admin$, etc) on PCs also make them vulnerable right out of the box. Vista and Windows 7 have made a lot of improvements to security and default configurations, but that doesn't make them invulnerable to network based attacks. XP is also still very common, and with it, all of it's vulnerabilities.
You are very right that there are many available solutions, but their existence shows that there problems are very much 'usual'.
to ranger_one: you really need to encourage your workplace to secure their PC prior to putting them on the network, default all PCs to have their firewalls turned on, possibly use a common, preconfigured imaged that is 'secure' for all new PCs, install or image proper AV/antimalware software on all PC and maybe hire an outside IT security consultant to advise your internal IT on how to properly protect their environment.