YoKenny what are you talking about.
The whole concept of SB, is whatever shit is in the box, gets flushed away,when you empty the box. You would have to be an imbecile, to go to windows update site ( sandboxed ) and install updates. ( although, i believe, some do, to test updates on there system )
House on sand
For mere browsing,opening email attatchments, SB, is perfect.
I download dodgy files, i run them sandboxed. My AV is watching all the time. I can scan my sandbox, with online scanners, or mbam, sas.
Yes of course, you should set windows updates to auto or notify, but the person you are talking about, doesn't even know how to use SB, and has obviously, for his own reasons, chosen not to update to sp3.
EDIT: iam currently at this moment browsing sandboxed, and downloading windows updates ( what a coincidence )