1) Altiris\Symantec has always been focused on core security updates. MS Baseline Security Analyser finds all updates. For example, the Malicious Software Removeal Tool is considered an update, not a security fix. So MBSA will say it's missing, and Altiris won't. Service packs were another example of this.
2) Why is the patch that is applicable failing?
3) Starting with 7.0 you could patch Adobe and with 7.1 SP1 there are a ton of 3rd party applications that can be patched. AFAIK, this is not availalbe in WSUS.
4) IMO Altiris has better reporting, but you've had some complaints about that (or the lack of customization options open to you).
5) Adding another application and architecture, even if it shares resources, adds complexity where you don't need too, as long as you understand the limitations and workarounds of the existing software.
In the end, as the solution provider it's up to you to recommend to the customer why you choose the solution you find best. I'm loathe to blaim one software over the other, because if my "holy grail" solution ever fails to work, I'm the one left holding the bag.