That's a terrible analogy. I have been shaming people for bad security practices and self-righteous ignorance for many years (even before 9/11 ironically!).

I've seen too many people have been wrong and had a bad outcome including complete data loss and in one case livelihood being shot entirely. This isn't a random assertion from thin air. You can't trust people to look after their computers.

- Updates are so important for security you have to install them the second they come out (some are, but most are not), don't you dare even THINK about using outdated/unsupported software that works just fine

- You have no right to mess with the software running on the hardware you own

Kind of like in Windows, where your computer suddenly shuts down to apply a service pack while you were in the middle of an important World of Warcraft raid that you were planning for weeks.

There's always a trade-off between keeping your system secure and being available. Most people don't like to trade off availability, and it makes sense.

My personal experience does not match this at all, so is the explanation there that I'm just lucky?

As a personal anecdote, the only serious malware that has ever hit any system I run, as far as I'm aware, was a zero day exploit. The system was fully patched when it was hit. In contrast, the amount of productive time I have spent over the past few years recovering from problems caused by non-security-related software updates that I didn't particularly want but couldn't avoid if I wanted to keep the security patches is probably measured in weeks by now.

I'm all for keeping systems secure, but when updates start to take priority over keeping systems useful, you have a problem. Most security patches are fairly low risk and have few if any unrelated side effects anyway, but that is certainly not the case with modern software updates more generally. Just look at the frustration of browser users with Mozilla constantly rearranging the UI or Google actively removing functionality from Chrome, or of course the number of users who never moved from Windows XP to Vista or from 7 to 8 because the changes weren't considered improvements.

In the brave new world of Windows 10, the average individual user will be stuck with all the updates, security or otherwise, whether they want them or not. There's really no excuse for that, even in a consumer-focussed OS. Install updates by default, so less technical users get what they probably want? Sure. Block even knowledgeable users from choosing whether to install specific updates? The only time that makes a difference is if Microsoft want to force an update that the user does not want.

At the very least, software needs to do what it used to do: make security updates separate from all other updates so users can just get the security bits.

I don't think anyone is really against quick security-related fixes being delivered with a degree of automation. What most power users dislike is mixing these updates with other ones (typically for commercial reasons).

In any case, for users who do have some idea of what they're doing, OS security updates are probably a relatively low priority today. Frequent robust backups, proper firewalls, and applying security updates to any applications that pull content from remote sources are likely to be more important in practice. If you get to the point where you're relying on your OS to protect you, you've probably already gone wrong at least once. Most desktop OSes won't do much to protect you against threats like data exfiltration anyway, because the security models are nowhere near sophisticated enough.