It's a beloved phrase, used by the wise and the lazy alike in response to everything from potential construction to technical work: "If it ain't broke, don't fix it."
I hear it plenty from people who've been bitten in the past after applying a recommended patch for a piece of software, only to see that software break or suddenly conflict with something else on the PC. After that kind of a hair-tearing experience, it's a natural reaction to not want to mess with a setup that's working and seemingly stable.
But there's just one problem. These days, a recommended patch is often, even usually, meant to close a security hole. Going without it can mean leaving the door open to a drive-by-download (see Myth #3) - and a system vulnerable to a drive-by is very, very broken.
You can take care of many risks by enabling built-in automatic update features for things like Firefox and Windows (I prefer to have Windows download updates, but not install them until I say so, on the off chance that an update does something odd). But some of the biggest risks come from things like old ActiveX controls that don't update, and often don't give any indication that they're sitting there putting a big bulls-eye on your PC.
To catch those little buggers, I always recommend a great free tool from Secunia. The company's free Personal Software Inspector can scan your system, notify you about insecure old software, and usually offer a patch download link or other fix right within the program. You can nab it from the PCWorld download site.
Secunia PSI will run all the time by default and keep track of your software installs and removals, but if you're a gamer or anyone else eager to conserve every drop of system resources you can allow it to run at system startup, let it run a scan, and close it after resolving any issues it finds. That's my usual approach to using the software.
Myth #4: dead and buried, and good riddance to it. On to the fifth, and final, dangerous fable.