In the PC world patches where a rare thing. You purchased a program and then when the next version came out you either upgraded or didn't end of story.
As programs became more complex and we actually began to use more of the growing set of features. We found bugs and software companies began to supply patches. If I recall correctly (IIRC) most patches where actually a whole new install that you didn't have to pay for... well maybe a small fee for the media (5 1/4 inch floppies) and shipping.
Most people and companies didn't bother installing patches unless they experienced an error that required the patch to be resolved.
Time and the world moved on and before we knew it people actually started to break into computers. A whole new breed of patches. Security patches.
As the "dark side" evolved their techniques patch management went from an anomaly, to a necessity, to the current arms race.
- Vulnerabilities (http://www.answers.com/main/ntquery?s=vulnerability&gwp=13) are announced.
- Exploits (http://www.answers.com/topic/zero-day-exploit) are found in the wild, or sold on "underground" auctions.
The there is a paper Windows XP: Surviving the First Day (http://www.sans.org/reading_room/whitepapers/windows/1298.php) that has advice on how to patch a new system prior to connecting it to the world, and no it is doubtful the system will survive long enough to finish the windows on-line patch process before it is infected. I personally have had luck with this DIY Service Pack: Installing Windows updates without an internet connection (http://www.heise-security.co.uk/articles/80682/0) for updating new systems and ones that are missing patches.