"yes, both people who allow automatic updates and people who manually scrutinize and approve updates are vulnerable to zero day exploits."
Right, so the update-sceptics are no worse off, then.
"your logic is like saying a knife-proof vest or a bullet-proof vest for a policeman is "useless" because it doesn't protect him from a V-2 rocket falling on him from out of the sky."
You may be terrified of zero day exploits but I can assure you that they are nothing "like" ballistic missiles, they are simply vulnerabilities that the vendors have not patched yet. If you are very afraid you could simply disconnect all your machines from the internet and make sure you scan all your imported files for nasties in a test environment first.
"ironically dear old auntie or granny with her computer set to accept patches automatically is LESS of a disease vector"
I doubt there's much difference in practice; just look at how old some of the "zero days" are. Case in point: font rendering vulns that allow an attacker to run code in ring 0 existed in NT and its derivatives for over 20 years, despite thousands of updates (and drive-by attacks). There have also been updates that introduce new vulnerabilities; the OpenSSL Heartbleed vulnerability is an example of new functionality bringing new vulns. I'm using Heartbleed as an example because it's not all MS's fault, and in that particular instance I dodged the Heartbleed vuln simply because I felt the risk posed by the update was not worth the reward (functionality that I didn't want).
If you care about vulnerabilities there really is no alternative to research and paying attention to what the updates are doing, because history shows that trusting a single vendor to fix every single hole in a two-decade-old piece of bloatware just isn't enough (and vendors make mistakes)...