>So you would be happy with a botnet of millions of home devices crashing infrastructure
The trouble is that any half decent malware from the last decade, either disabled some updates or change things so that updates fail; hence I regularly come across systems where Windows Update is running automatically in background - but the user is totally unaware of the fact that either no updates have been successfully applied for several months. People tend to only discover their machine has been hacked when either an AV update (assuming this hasn't also been compromised) enables the scanner to detect the malware or the malware moves up a step and their system becomes unusable.
So whilst I'm not happy with a botnet of home devices, I can't see any simple and 99.999% reliable way of remotely and automatically updating hacked devices, with a 99.999% degree of confidence that the updated device will boot and be fully restored to normal operation.