It’s not explicitly noted anywhere, but when you wish to prevent Windows 8.1+ from installing updates without permission, Microsoft doesn’t want you to do that. There are many reasons for this and quite a few of them are speculative but the truth of the matter is that in order to cement their position in the operating system market, they must ensure that their operating system is tightly managed.
Imagine, if you will, that Microsoft is an enterprise’s IT department.
The IT department’s job is to ensure that all of the machines it manages are up and running, and staying out of the way of employees in the enterprise. If many machines at once are compromised or become unstable, then it’s the IT department’s job to fix the issue. If the issue isn’t fixed within a timely manner, then the IT team is blamed for the issue. The boss gets upset, the team has to be sent home. Now not only are the IT team frustrated with the moron who downloaded the malicious attachment in the first place, the boss is also mad at the IT dept. and so is the team that got sent home, sort of.
Microsoft seems to want to behave as the Systems Administrator for the world, patching updates and managing certain settings as they see fit.
They want to control the way that you use your computer. That statement isn’t necessarily nefarious, nor does Microsoft believe them to be so, but I can see why some people, myself included, would get upset at that. Those who are like myself enjoy knowing that the operating system we signed up for won’t change overnight, forcing us to adopt to a new system every time Steve Ballmer changes his socks. There are certain settings that we enjoy being active or disabled. There are certain applications that we use that if you deprecate a certain feature without warning will absolutely break.
Is Windows more secure due to automatic updates? Perhaps that is the case. Is it worth giving up the choice of applying a certain update or not? No. Microsoft is not an omniscient being and will never get everything right. Case and point: all the vulnerabilities revealed at Black Hat Europe this year.
All physical locks can be picked, the same rings true for software up until today and will continue to way into the future.