>> Lots of people *I know* would just press [X] on any popup they
>> see (such as "Would you like to update?").

You speak as though updates are a needed thing. I don't think they
are. I'll try not to be too boring, but here's why I think this.
Up until last year, I happily used a win98 (first edition), 300
MHZ emachine. I kept NO antivirus software regularly
installed for 12 years, though I would occasionally borrow a disk
from a friend for testing. I never had a single virus. Getting
virii is much more a 'user habits' thing than a 'lack of security
updates' thing.
It is possible for an attacker to get into your computer without you ever doing anything aside turning it on. However, the vast majority of attacks require participation by the user in some way or another since it just makes things so much easier.

That said, it is all up to the user's paranoia to try to determine what kind of defenses needed for that particular system. If it is just a home system and your most sensitive data is some embarrassing pictures of you at your friend Chad's birthday party when you had a few too many drinks, you can get by without any protection. This isn't secure but as long as you aren't targetted by a determined attacker who wants to add your machine to his bot net, you won't get many trojans or shit on it.

However, if you offer a server which is linked to by other websites (in other words, advertised) this instantly makes it a target to several attacks and should undergo what us security fanatics call "system hardening". One of the important steps of this process is applying updates and patches since discovered vulnerabilities are the easiest ones to exploit and there exists tools for script kiddies to develop their own attacks exploiting these vulnerabilities. If a script kiddie can write a virus which can infect that system, you don't even want to know what kind of nasty things an experienced attacker could do to it.

Lessons learned along the way:
'cd downloads' isn't the same as 'cd Downloads' (actually knew that one, but forgot)
'cd..' isn't the same as 'cd ..'
'cd downloads' + 'cd adom' + 'adom' isn't the same as 'home/w/downloads/adom/adom'
Learning command line is the most difficult part about becoming a true Linux user. When you learn how to though, you can do some extremely powerful things using scripting. Also, it gives you that awesome early 90s feeling when you are sitting in a dark room with nothing but a terminal window open and some [insert 90s music artist] blasting on the boom box.

Second, I timed Ubuntu's boot time. From power on
to desktop took 30 seconds, same system boots vista in 60.
You can get this to be even faster if you compiled your own kernel with only the bare necessities. :b