Software updates: Generally speaking, when an application installer asks you to reboot it’s a lying liar who lies. (Even device drivers.) Now, that said, it may require you to log out and log back in… and it may be excusable in that “restart your computer” is easier for the layman to understand than “log out and back in”. (A lot of Windows users don’t even know it’s possible to log out without shutting down.)
You’ll note that installers by companies who actually have competent programmers (for example, Microsoft themselves) never require a reboot. Don’t confuse “OS runs software made by bad programmers” with “OS is bad”.
OS updates: Linux needs to reboot for these also, but Linux distributions usually trust the user to know for sure whether they do or not and don’t reboot automatically. Why does Windows ask you to reboot after installing OS updates? Because most applications are using the same few shared code libraries… to explain:
Say there’s a security flaw in MSHTML.dll. Your computer is running 6 applications, all of which are some way reliant on MSHTML.dll. When the OS updater runs, it has no way of killing off those 6 applications without the real risk of the user losing data. And it can’t replace the file without those applications quitting first. So the solution Windows uses is, it places a little marker in the boot-up sequence that says “after you boot but before any applications run, swap-in this updated version of MSHTML.dll”, then forces you to reboot.
Once that boot-up message is in place, there’s nothing technically requiring you to reboot except the danger of running a .dll file you know contains a security flaw.
Now Linux works somewhat differently-- when a program in Linux uses a shared library, the OS won’t give it the version on disk but will instead copy the library into memory and let the program use the in-memory version. The advantage of this is that Linux updaters can switch-out the insecure library without having to first quit all the applications using it. The disadvantage is the applications using it will still be using the insecure version of the library (from RAM) until the computer’s restarted anyway.
So the practical different is nil: Windows requires a restart for security updates, and so does Linux.
So why do people think Linux doesn’t? Because Linux updaters, generally speaking, don’t automatically restart for you, and also don’t tell the user that they need to restart to have a secure system. Linux OSes trust the user to be savvy enough to read the list of patched files and determine for themselves whether or not they need to restart affected applications.
Note also that some people promoting Linux will bend the truth and say things like, “you don’t need to restart Linux to apply updates-- you just need to quit every single app and service and log out all users.” What’s the difference between that and restarting? Not much, practically speaking.
I hope that helps answer the question.