I do all my internet access in a virtual machine (Sun Virtualbox).
I install MS patches only after they've been out for a few weeks and when I know that what they do is something that I want done on my systems.
Never had a problem yet (knock wood)
I’m always 100% patched and have my virus software current however don’t forget about java, flash, etc. updates.
I got nailed several weeks ago by a java exploit even with everything else 100% current.