Lazy consumers? Perhaps.
Lazy network managers? Only the one's for very small sites.
Let's take Blaster, for example and a typical enterprise, say, about 1000 servers and 10,000 desktops.
Each of those servers runs applications. Not all the same application, sometimes a mix of different ones, sometimes single purpose apps, sometimes apps in standby for a disaster recovery situation.
Let's say that there are, conservatively, 1000 servers with 100 different apps running on them. Each server configuration must be patched and then tested before going into production. That requires that either you have an exact duplicate machine for each production machine (which is prohibitively expensive both in hardware and Windows licensing costs) or you have a few machines that you can format, install Windows, install and configure the software, install the patch and test.
That means formating, installing and testing around between 100 and 500 servers in order to test every configuration. And that doesn't include testing every desktop configuration too.
Considering that a typical install evolution consisting of Windows, application and system configuration can take around 2 hours per server, plus add on a 24 hour window to let the machine run (during which time the machine can't be formated and move on to the next test platform) it's not unusual to require 3 to 6 months to test all servers and then patch them once a patch has shipped.
Blaster gave them about three weeks.
I dont get your estimates. Once the patch came out, it took us less than 36 hours days to write scripts and patch 450 servers and workstations.