I’ve been hearing the same new idea at work for about 10 years. The idea is pretty straightforward: Since my home PC updates itself whenever it wants and I don’t have problems, why don’t we do the same thing at work so we won’t need expensive update deployment tools?
There are generally two problems with that.
Interruptions. Users don’t like being interrupted to reboot. Deployment software allows you to schedule the updates to happen during off hours so you minimize the chances of interrupting important work. If someone’s on the phone with a customer when the computer decides to reboot and apply updates, the customer won’t be happy. If the CEO’s work gets interrupted, the CEO probably won’t be happy either.
Reliability. Your home PC probably isn’t as up to date as you think. When setting up Nexpose, I brought my personal laptop in to configure it on an offline network to avoid IP address issues. Out of curiosity, I scanned the laptop. I patch it religiously every month and even have Secunia PSI installed on it to keep it up to date. Windows Update and PSI said the machine was perfectly, completely up to date. Nexpose found about a dozen missing patches on it.
I’ve worked places where that’s an acceptable number, but at most places I’ve worked, that’s completely unacceptable. Depending on which updates were missing, it could be either, because not all vulnerabilities are created equal. If you want to do better than that, and you want to minimize user inconvenience, you need tools. What’s good enough for home use usually isn’t quite good enough for work, which is why business-class laptops still cost $1,000 while home laptops can cost as little as $199. Update deployment tools cost less than $100 per year per machine, often a lot less in the case of a large network, and they’re worth it in saved labor and an improved success rate.