Not sure if this is really a Server Fault question, but I'll see how it goes...
Since implementing Windows Automatic Updates my users are complaining about the number of updates. The main reason is that they're now being caught up on a year's worth of updates which will slow down next week, but... I'd like to give them some real data on update comparisons from other OS's. OS X being the main " is so much better" offender and I can only scrounge up one good article showing the number of bug fixes released by Apple.
Anyone have a good resource for this type of information?
You can get the raw data you're after here: http://lists.apple.com/archives/Security-announce and here: http://rhn.redhat.com/errata/rhel-client-workstation-errata.html (though most RHEL users would also have these be relevant: http://rhn.redhat.com/errata/rhel-client-supplementary-errata.html )
However, take into account that when there are multiple updates on the same date, they would've all been applied at once with a single reboot on OSX. On RHEL, only kernel updates require a reboot (though I'd recommend it for a glibc update, too). One of my own annoyances with Windows updates is that often there are multiple reboots when there are multiple updates. In other words, look at the days or weeks that have an update on RHEL or OSX, not the specific list of updates.
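The counting suggested in the answer above, as an added example that is not part of the original post: it groups advisories by release day and ISO week and counts reboot days under each platform's rule. The `summarize` function and both sample lists are constructed for illustration and are not real advisory data.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data, not real advisories: (release date, package name).
RHEL_SAMPLE = [
    (date(2009, 3, 2), "firefox"),
    (date(2009, 3, 2), "kernel"),
    (date(2009, 3, 4), "glibc"),
    (date(2009, 3, 17), "openssl"),
    (date(2009, 3, 19), "kernel"),
    (date(2009, 3, 19), "cups"),
]
OSX_SAMPLE = [
    (date(2009, 3, 10), "Security Update"),
    (date(2009, 3, 10), "Safari"),
    (date(2009, 3, 24), "iTunes"),
]


def summarize(advisories, reboot_packages=None):
    """Count advisories, distinct update days/weeks, and reboot days.

    reboot_packages=None: every update day ends in a single reboot (the
    answer's description of OS X). Otherwise only days that include one of
    the named packages count as a reboot day (kernel on RHEL).
    """
    by_day = defaultdict(set)
    for released, package in advisories:
        by_day[released].add(package)
    # (ISO year, ISO week) pairs, so a week spanning New Year is not split.
    weeks = {tuple(day.isocalendar())[:2] for day in by_day}
    if reboot_packages is None:
        reboot_days = len(by_day)
    else:
        wanted = set(reboot_packages)
        reboot_days = sum(1 for pkgs in by_day.values() if pkgs & wanted)
    return {
        "advisories": len(advisories),
        "update_days": len(by_day),
        "update_weeks": len(weeks),
        "reboot_days": reboot_days,
    }


if __name__ == "__main__":
    print("RHEL:", summarize(RHEL_SAMPLE, reboot_packages={"kernel"}))
    print("OS X:", summarize(OSX_SAMPLE))
```

Passing `reboot_packages={"kernel", "glibc"}` applies the answer's stricter recommendation of also rebooting after a glibc update.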
That can be a tough one because if nothing is wrong with the computer, then many users typically say why bother with updates. Since this is a company they don't get that choice. It would be a lot like if a company firewall gets put in that blocks IM, Facebook, etc. after it's been open for years. Sorry, company policy has changed so this is the way it is now.
Windows may suck due to the updates, but at the same time, I'm glad Microsoft does them in a (usually) timely manner. Not all software vendors do this and for the core workstation OS at many companies I consider it a good thing.
Only thing I could recommend is to set the computers to check daily at like 3am and tell people to leave them on at night for the next while.
I know that doesn't answer your question, but I think MS in this case takes the lead in software updates. Also if they re-wrote their OS from the ground up it would be way more secure, since they could throw out all the old legacy code that users demand stays so they can still use those old Windows 95 programs they refuse to upgrade.
Generally speaking Windows patches come out once a month (regardless of quantity). By default the time to get these applied is 3am local time. You can download and set the patches to apply at that time. As far as quantity of patches it's not an apples to apples comparison (no pun intended - well not much of one anyway). Microsoft does its best to make its patch structure granular so that a corporation can pick and choose what patches to apply. As far as I can tell Apple tends to do the opposite, bundling as many fixes at once into 1 patch (a good example is the article you cited). A more reasonable approach is to total up the number of fixes per sample period. In addition MS puts out application updates along with the Windows patches; Apple also appears to add 3rd party patches to its patches.
I would suggest that you either use group policy to set the time of patch application to something like 3am or use WSUS to apply these patches at a convenient time for the users. You should also be able to apply these patches in big chunks, cutting down the number of reboots.
For OS X, it's quite simple: go to http://www.apple.com/support/leopard/ and you'll see that in 2009 there were 2 security updates and there were 7 updates to 10.5 since it was released. Note that point releases tend to include the latest security updates so this year there were probably only 3 updates to OS X.
Including Safari, iTunes etc updates however, I would say I updated my system about 4-5 times this year. Not a weekly thing by far.
The comparison can be made harder by the simple fact that not all the updates are for the OS. So, do you just count the total, which will vary if users don't all run the same applications, or do you only count the OS patches?
I know this is hardly information you can take to your users but, for what it's worth, I run both OS X and Windows (virtual machine) on my laptop. I definitely receive a lot more updates from our WSUS server than I get from Apple, even though I have updates for some things disabled in WSUS. If anything, I am running a larger number of Apps under OS X.
I'm not sure comparing # of updates is any kind of useful metric regarding the value of an operating system.
The true issue at hand is that those machines have been growing more and more vulnerable as time goes on, and the update time is trivial compared to the lost time/data for the alternative. This would have been true of ANY unpatched OS.
If the complaint is that more secure OS's require fewer updates - I'm afraid they're falling into a 'security through obscurity' argument. I'd probably steer the discussion toward a consideration of all the changes/costs required if they DID want to switch desktop OS.
(on a side note, hopefully you installed SP3 prior to starting updates, as that eliminated 100 or so)