Dale linked to D-Bunkers post on Vista and potential ramifications of DRM requirements therein.
Control Engineers need to both be aware of the need to patch and update and have an understanding of when it is relatively urgent. There is no real reason not to patch your systems. To go a step further control vendors need to start developing a organized and controlled mechanism for updating and patching the historians, MES and even PLC's. As cycle time shortens vendors that have already developed this capability will come out ahead.
Obviously all of this has to be done with proper change management.
On the flip side it is absolutely essential that companies like Microsoft and others realize that as they expand more and more into the automated control world they need to have a greater sensitivity to allowing the customer to control when, how and where any changes of any type occur on systems. If they cannot achieve this with their standard deployments then they need to develop deployments that are able to do it.
I'll go one more step further. If you are an engineer and a new system that a vendor is pushing you towards runs an application or OS that performs updates and changes without your full control, you have an obligation to NOT use that system. This is exactly what D was describing in his post on Vista and DRM.
If Vista performs updates and takes actions without allowing the administrator to control those actions in terms of when, how much and even if they occur then Vista should never be used in any closed or open loop control environments. Period.
With root kits and other driver level attacks becoming more prevalent it is good for MS to protect the drivers and ensure they are not the bad guy, but for process control systems they need to do so in a manner that leaves complete control of the process in the hands of the owner of the system not in the hands of some arbitrary algorithm. I don't believe this is some greedy driver licensing scheme (though I could be wrong).
In the SCADA world the ability of the opertor and engineer to fully control the operation of equipment trumps all.