I've been battleing with the Admin's here about how all of our NT4.0 machines at work don't have any Security updates other than the usual McAffee Virus updates. The last time they were updated with Microsoft Security updates was last fall and that was only because every single machine running NT4.0 server was turned into a brink by Nimda. The ones running non-server versions were hit hard too. Am I right to assume that if these security updates were in place, we would have still been hit by Nimda, but not as bad?

These computers are shipped with special configs and are meant to basically run one set of programs. I could see how most changes to the setup would require authorization by the vender - but our Admin is a full time employee of that company hired to be on-site here 40 hrs a week.

Any comments or opinions?