There are several issues with your question that concern me.
First and foremost, critical systems such as firewalls and other critical networking devices should NEVER be updated in an automated fashion, no matter the reason(s). Automatic patches from Microsoft concern me in that they are sometimes (most of the time) never tested by the vendor and cause issues when, say, the first version is released. I've seen networks come to a screeching halt due to issues such as these. Manual is always best for any server device. Desktops are cool in an automated fashion. It's a well-known fact that Microsoft doesn't have a good testing methodology for its releases or service packs. As for antivirus, although they do not have the same quality issue, the process should be controlled to ensure network connectivity is NOT impacted.
Spoofing and hijacked sessions are only minor concerns compared with my comments above. Although not as common today, I'm sure the future holds great promise in these types of situations, thus your comments are correct.
This was first published in April 2004