And? How do updates help any of this? Firewalls are a thing. Memory-safe languages are a thing. Unit tests are a thing. Fuzzing is a thing. And it is not an OS's job to protect the user from themselves (i.e. social engineering). If you've installed malware, you deserve the consequences and you will be more careful next time. It's okay for powerful technologies to require a minimum level of education.
theres this thing called the internet, to which the OS connects, filled with adversarial actors, so no this is not correct at all