From a completely random blog involving a new installation of Windows XP:

But eventually it all worked. Well, I think it worked. It was too late to actually try anything. Now I need to get it on our network so I can connect to the internet and install all the security updates.

This leads me to think how many machines are compromised before well-intended patching takes place. Joe is sitting at his computer at 2:00am after fighting through a new install and configuration and says “Oh yeah, patches.” Maybe Joe goes there and maybe he conks out at the keyboard.

Last I checked, it only takes 2 hours for a new installation of Windows to be compromised by roaming bands of viruses and hackers. Scripts are running constantly from all over the world with a blood-thirst for unpatched systems. Maybe it’s time for a new OS installation to come up with a message “You have a network cable connected. Reverting to network-safe mode until patches are installed.” It wouldn’t be hard to implement either – a simple IP stack firewall filter that refuses communication except with authorized patch servers.

The result would be more secure systems, fewer virus/spam propogation points, and an urging of the hacking community to go find something else to do. It sounds like something that would be worth the effort. At least it would help Joe until he wakes up.