Here's a thought...
Both Java and Adobe (and, hell, plenty others to boot) wouldn't be such rattling garbage-cans of vulnerability if they took their updating routines seriously. I spent time over the weekend updating both for my mum because when they'd tried to do so automatically, they'd both failed (or had been too complicated for her, and she is not below-average in comp lit terms).
The paradigm for all of these apps should be: check for updates once a week (or whatever fits the app's typical update cycle); make sure to play catch-up if the PC wasn't on when you were meant to check; if there's an update, apply it -- silently -- and tell the user when you're done. When it comes to browser plugins, kill the browser when necessary -- but do offer a grace period in the tens of minutes. Do all of this at system level, but make sure unprivileged users are aware of it too. Of course, offer the option of deferment to administrators who don't wish to be caught unawares.
Windows Update has it pretty much bang-on on this one, and shows that it can be done. Why isn't it?