We take our systems down annually for cleaning. The dust bunnies may not like getting evicted, but the systems run cooler without them.
Thing is, you are also not installing the patches either, and that means you had to work quite hard de-activating all of the "features" in order to prevent problems. I'm sure you've seen the joke that says
Windows has detected that you have moved the mouse. Reboot for this change to take effect OK
Many people recommend installing all applicable patches/updates as soon as they are made available (I happen to be one of this group), while other say to wait $PERIOD to see if the patch/update is safe, and still others don't install them because it often breaks other stuff.
You recommend up-thread configuring 'Windows Updates' to install at 3AM every day, and "Arthur Hagen" responded to recommend Tuesday afternoon PST, due to Microsoft only releasing security patches on Tuesday mornings. WTF? Do the people who 'sign off' the patches only work Mondays?
You'd think that the admins at Microsoft would know how to do that. Why then did the "Slammer" (aka Sapphire) worm go through the servers _AT_ Microsoft last year like a dose of salts - the administrators at Microsoft didn't want to update because the patch that was available 5-6 months earlier broke to many things. Hit groups.google.com if you don't believe that.
I'm not saying that non-Microsoft O/S are perfect, nor am I suggesting that they might be for everyone. If you've been following the *nix news groups for any length of time, you may have noticed the lowering standard of users questions - especially since KDE and Gnome have become popular desktops in the various families of *nix. But even with the explosion of features (most of which I can somehow manage to live without), there isn't as much problems keeping the systems secure.
Remember, the only anti-virus applications in *nix are meant to run on mail and Samba servers to protect the windoze clients.
Old guy