This is going to sound critical; it's not meant to be.
xenomat: I've been working in IT for over 20 years
That's a meaningless statement. I know people who've been in the industry for 20 years who have never progressed beyond Deskside support, I know others who have reached architect level at half that time or less. Note I'm talking about people I would consider actual architect level, who are in reality few and far between. All too often these days it's used as a vanity title, though not quite as bad as one person I know who has given himself the job title of 'modern workplace evangelist'.
xenomat: Nothing against security updates, but I prefer to decide for myself when I want to do this, not some company somewhere on the planet.
There are a host of ways to control when updates are applied, most of the companies I deal with use Endpoint Manager (SCCM as was) where security and feature updates can be delayed indefinitely should the company choose to. Once you do decide to deploy you can dictate down to the minute beyond which the updates will actually apply and how long a user can delay the reboot for - one company chooses to not enforce a full reboot at all but wait for it to happen over time and uses fast boot to avoid updates applying in the meantime. A silly approach in my opinion as it leaves their machines unpatched but their choice.
xenomat: What could possibly be the reason for a company to enforce updates and think this will be receipted in a positive way?
How about the fact that Microsoft spent years being criticised for security flaws being openly exploited but for which they had released patches sometimes months previously that people just hadn't installed?
Another reason, that MS were quite open about when they moved to the single update model (rather than multiple updates that sys admins selectively chose from), was testing. Microsoft had a graphic they used at the time which was a wall with some of the bricks missing, meant to show a company that had selectively chosen not to install particular updates. They had several other walls, each with a different set of bricks missing representing other customers. Microsoft's point was that because different companies excluded different 'bricks' (patches) they found it impossible to properly test updates before release as they never knew what combination of previous updates they would be dealing with. To cope with this they stopped giving sys admins the choice. I can't speak for your experience but patching has become a much smoother, more trouble-free experience in my customer base.
xenomat: All my Windows OS from 2000 over XP to 7 never had any issues, infection or anything and I never run protection or anti virus software because I know what I am doing.
I did some work for an IT manager at a private wealth fund company who said he didn't need a security officer because 'he did it all', despite not having any formal training or previous experience. I'll say the same thing to you that I said to him - how the hell do you know you haven't been compromised? Of course ransomware and some malware is either completely obvious or badly written such that it has noticeable effects on the system that cause you to investigate. Many compromises don't, especially ones that are after longer term financial gain. The fact is that the wealth management company may have been leaking valuable data for months or years in ways he lacked the skills to understand.