Microsoft has a lot of good ideas to offer when it comes to protecting you from scareware and other types of malware. Unfortunately, its software doesn't always make it easy to follow its suggestions -- and actually could scare users from doing what's best.
In early April, I had the good fortune of having a lengthy discussion with Michael Pathi, Microsoft's partner technical specialist whose focus is security. That discussion centered on scareware -- rogue security software that deceives users into loading software that purportedly helps them, but is actually malicious.
Like social engineering tactics of a decade ago, scareware plays on the trust and desires of users. Say, for example, you see a pop-up window that says you have been infected with a virus, and leads you to a virus-checker that can -- for a fee -- rid you of the nasty virus that made the pop-up happen. Call it extortion, and it's happening more often than ever, according to Mr. Pathi.
Microsoft recently published the sixth edition of its Security Intelligence Report. The report says the company found the top cause of data breaches was still lost or stolen equipment (such as laptops and USB thumb drives), and that scareware was a growing threat.
Mr. Pathi told me that while users were getting more sophisticated about not clicking on unknown attachments in e-mails, they had let their guard down in social networking and sharing Web sites such as Facebook and YouTube. They'll click on links to videos that also load the malware.
From there, the malware can use scare tactics to get them to purchase anti-virus software, or it can attack weak passwords, record their keystrokes or do other malicious tasks. More often than in prior years, these malicious attacks are motivated by profit.
Mr. Pathi and the report suggested that the Windows operating system is more resistant to attacks than ever before, and that many attacks are now targeting applications instead. That led Mr. Pathi to suggest to me that users should automatically update their Microsoft applications as well as their Windows operating system.
While that's generally a good concept, it's also where Mr. Pathi and I differ -- because I don't have enough confidence in the Microsoft Update process to recommend using it. Microsoft Update is like Windows Update, in that it automatically checks with Microsoft to find the latest patches, downloads them and installs them without user intervention. Microsoft Update also updates Microsoft applications including Microsoft Office in addition to Windows.
I have found Microsoft patches for applications sometimes cause problems with the operation of the applications.
The problem is not Microsoft Update itself, but the patches that it tries to install. I'd prefer to wait to install patches until after associates and industry pundits have a chance to put them to use. That way I can rely on independent evaluations before installing.
Recently, a patch that I let install by accident caused Microsoft Word to crash on me consistently and not work properly while it was open. I had to rely on a Microsoft support person to fix the problem; but most people don't have access to this type of support.
So I don't recommend installing application patches automatically, although I want to recommend doing it. Microsoft has to have its act together first -- and supply only reliable patches that don't cause problems or conflict with other software. I'm not yet convinced the company can do that.
But we can dream.