A method and a system for securely installing patches for an operating system, wherein the system comprises a personal firewall, for filtering inbound and outbound network traffic; an operating system update agent, for connecting to an update server via the personal firewall to download patches; a policy manager, for invoking respective policies according to respective stages of the operating system; a stage coordinator, for coordinating the policy manager and the operating system update agent for different stages; and a policy database, for storing respective policies for respective stages of the operating system. With the method and system, the possibility of being infected by malicious software is significantly reduced when downloading patches for the operating system from the Internet.