zlacker

Centralized automatic updates, like those of a Linux distribution or Microsoft's Windows Updates, involve giving permission to way fewer parties permission to download and run (unsigned, in the case of Notepad++ this time) code on your machine with high privileges.

And for more modern software distribution mechanisms (e.g., Nix, Guix, Flatpak), centralized package updates may not actually run any vendor code with high privileges at all.

The norm for proprietary software updates on Windows is indeed a free-for-all of every publisher downloading and running code with admin rights, and it is indeed a terrible way to operate. Avoiding that kind of madness doesn't necessarily mean running lots of old, vulnerable software.