Whenever people talk about Windows as a secure OS, they are discussing a fully patched system, but this misses a huge point: the difficulty of installing all the updates and the time this will take.
I have just been preparing a Windows VM and I must be on the 5th or 6th boot just for updates. This is after selecting the option to install updates during the installation process.
Most users will let the system install the updates itself, which means that, at best, only one set of updates will be applied per day, leading to several days of an insecure system.
This, of course, does not include insecurity from other applications such as Java, flash, Acrobat, all of which have their own updater, some of which do not run automatically, leading to systems effectively unpatched for weeks.
I have posted this before and I will repeat it: Microsoft needs to allow third parties to hook into the Windows Update system to automatically download and install updates. Microsoft also needs to find a way to install all updates in one shot. If every Linux distro can do it, I really don't see why Microsoft (with far more resources) cannot.
