If we are talking about OS updates, OSX has the same thing.
You are not required to use Windows Installer. And even if you do, you are not guaranteed that everything will be removed, be it due to malice or incompetence.
Not even Linux can guarantee that. Something like the Nix package manager would be closer to what's required. Plus a sandbox.