
I assure you, that is not at all what you want.

https://cve.mitre.org/data/downloads/allitems.html




I'm not running a server; I'm running a PC. Security problems affect me very little; broken functionality affects me all the goddamn time.

edit: also, because I'm talking about PCs and not servers, I'm running very few apps, and most of them do not interact with the network. Strategies for securing servers do not necessarily make the right tradeoffs for personal machines.


I understand your base viewpoint. Nevertheless, you are still incorrect; many hundreds if not thousands of executable programs provide you with your experience, if you're using Linux, OS X, or Windows; every executable on your system is capable of interacting with outside sources of malevolence, be that the network, USB drives, Bluetooth anything, files that you got via e-mail; and if anything, personal machines need even more vigilance and patchability, as their attack surface is radically larger than your average server.

The ability to update common components is a boon. Seriously. Not without concerns or flaws, as you correctly note. But overall, it's radically better than the alternative.


It's not a matter of correctness or incorrectness; it's a judgement about the relative costs. I have experienced vastly more inconvenience as a result of breakage caused by well-intentioned updates than I have ever experienced as a result of malevolence. As a result, I habitually disable all auto-update systems and do whatever I can to prevent my machine from trying to update itself. So what's really been gained? I have the stability I want, but the supposed security benefits of the incremental update process are lost. In practice, hacker attacks trouble me about as much as terrorist attacks, while system breakage resulting from library updates is common and hard to fix.


First, you are trying to argue that your personal experience and anecdotes should dictate the policy of a large group of software deployments. I don't think that's true, regardless of your position.

Second, you think that the cost of breakage and inconvenience is around equal to the cost of a serious malevolent attack. I disagree. I'd rather experience an issue a month where a program crashes and I have to install an update, if the alternative is someone getting access to my bank account, credit cards, or even personal, sensitive information that could harm me if taken out of context and made public.

Third, I think the reason you don't experience as many malevolent attacks is precisely because many, many PC users keep their systems updated, and the cost/reward for the attackers is low. If every single PC user had your attitude, and no one updated, the first CVE from Windows that was easy to exploit remotely (either via the network, or email + images, or whatever) would result in a skyrocket of successful attacks.

And finally, my own anecdotal evidence is in stark contrast to yours - I relatively rarely get any sort of library or system stability issues from keeping my systems up-to-date, but I have been attacked before, and it is a much larger inconvenience to get new credit cards, monitor my credit reports, and install counter-measures to prevent it from happening again.



