any closed source autoupdater can by default be malicious. do you disagree?
Any software in general can be malicious - but the fact that something includes an updater does not make it any more malware than it makes me a criminal for running tor. It can be used for good or bad purposes - I have yet to see any evidence from your camp that would even remotely persuade me that Microsoft intends to use this tool for illegal or malicious purposes.
His issue is not with the autoupdate, but with the closed source nature of everything it downloads. Antivirus programs have numerous times caught and considered actual system files as virii. With no way of looking into the source for those binaries, there's no way to be sure that the program wasn't right. (note, this is just my tin hat speaking, I hate windows for completely different reasons)
Open source is inherently safer, due to the fact that you can examine the source, and see what it's actually doing.