• The case against Windows Automatic Update

    Home » Forums » Newsletter and Homepage topics » The case against Windows Automatic Update

    Author
    Topic
    #128277

    Yes, you need to apply Windows patches. No, you don’t need to install them as soon as they’re available. I’ve taken a lot of flak over that position.
    [See the full post at: The case against Windows Automatic Update]

    7 users thanked author for this post.
    Viewing 16 reply threads
    Author
    Replies
    • #128284

      I personally think critical security updates should be automatic for most users. But the rest of the updates not pertaining to security should be given some sort of option to not install. Either for a period of time, or until the user decides to install them. Obviously the more updates you push each month the more chance your going to negatively affect some devices. Win 10 home users have little in options for updates which is unfair, and spending money to upgrade to Win 10 Pro seems a bit much to ask a typical consumer to pay just for some flexibility. I would be accepting of forced critical updates, and leave the rest to the end user to decide. I do not like Microsoft grouping in all sorts of trial games, and other apps that don’t interest me into Windows updates. This should not be a conduit for Microsoft to push its wares. That’s what the App Store is for.

      1 user thanked author for this post.
    • #128286

      @Woody: Personally, I think that, you and all of the professionals on these pages are right in the fact that it is best to NEVER USE AUTOMATIC UPDATE. Control what is on your computer and how it operates. We, nongeeks will have to LEARN computer language. Now days, and beyond, it is is a must!!!

    • #128294

      Woody this is indeed an interesting debate.  I have taken an unusual approach for my 150 client computers.  I do updates for them remotely.  They do no updating and for sure Automatic update is set to Never… I am doing updates about once every 3 months or so and well after their issue dates.

      I continue to use pkcano’s guide using security only updates.  Although I understand now that KB4021558 had an error patched in a non-security update.  If you recall our debates nearly a year ago, I predicted this would be the Achilles heal of security only patching (B).

      I have applied most updates issued up to May.  I have not applied any Office patches later than that.  QUESTION:  Is the mess with Office WU finally fixed???

      The big question remains for me whether updating should be done at all.  I continue to be convinced that the risk of a PC changed to suit Microsoft and not me and my clients is nearly 100% AND the risk of me or my clients suffering major failures due to hacks is pretty infinitesimal.  Keeping in mind that all are Win7 and all have Bitdefender Antivirus

      Hacking has largely changed from the basement kid attacking computers for fun to criminals attacking for profit.  None of us are the kinds of targets that would be regarded as potentially profitable.  Hackers have become pretty selective and seem to be targeting institutions and businesses.  How much risk does Aunt Martha really have if all she uses her Win7 protected computer for is MaJong and email?

      I would be very interested in hearing debate on my premise.

      CT

      • #128388

        I would be very interested in hearing debate on my premise.

        I’ve had all the Office 2010 updates and have never seen any practical problem from them. I use Outlook every day, all day, and Word and Excel regularly.

        Everyone does things differently and configures their running environment differently. I probably just don’t receive the kinds of Outlook attachments that were affected by bad patches, and I just don’t enable the iffy Windows features (e.g., indexing) that ran afoul of the Office updates. Experts will almost certainly do things differently than newbies or casual users.

        My point is that, while avoiding Office patches may seem prudent – necessary even – based on what’s written, I personally cannot confirm that a strategy of avoidance w/regard to Outlook and Office patches would have done me any good.

        That said, I DO follow a “wait and see” approach. I never install updates on the first day they’re available.

        Not everyone can do another thing I do, which is to actually test updates in virtual machines BEFORE rolling them into the real, critical hardware. Doing this of course requires me to maintain complete control of WHEN they’re allowed to install. But that may be the kind of thing your users expect of you.

        I very much support your premise that we need to start thinking about protecting ourselves from Microsoft. They have PROVEN that they are no longer the trustworthy partner they once were.

        -Noel

        1 user thanked author for this post.
    • #128297

      Microsoft apologists complain about the “FUD” surrounding Windows 10, but IMO the biggest FUD being spread has to do with the supposed dangers of not keeping your computer updated to the minute.

      How many computers are actually affected in a given month by any specific vulnerability? We are seldom told. Instead, we are kept in a constant state of fear and terror that one of these evil entities lurking about the Internet will possess us if we’re not good boys and girls and obediently accept every protective spell that the Redmond priesthood sends our way.

      I for one am sick and tired of being treated like a child, or at best like an ignorant peasant who doesn’t know what’s best for him and needs the kindly protection of Daddy, or of The Enlightened Ones telling me what to do as they enmesh me in the Windows 10 straitjacket. I’ve seen more PCs borked by Windows 10 in the couple of years it’s been around, than I’ve seen PCs infected by malware in the 30 years of Windows before it. From a practical standpoint, which one is the greater threat? The answer is clear in my mind.

      Stop the FUD, Microsoft. Stop the paternalistic “we know what’s good for you” attitude, and put an end to forced updates in Windows 10.

      7 users thanked author for this post.
      • #128394

        I see I’m not the only one who feels those who would seek to control others all too often use fear to do it.

        I remember way back when stories started coming out how if you plugged an unpatched XP system into the Internet it would be compromised in mere minutes.

        What I always saw as hilarious is that Microsoft made the thing that they’re continually telling people MUST be patched for their own safety. And they present vulnerabilities as abstract things that are givens. LOL

        Rather than strive for excellence, to make the system more robust and secure, they embrace and manage and even market their mediocrity in producing products to turn it into a method for controlling people.

        -Noel

        3 users thanked author for this post.
    • #128299

      My Windows 7 machine is my dual-boot machine, with Xubuntu Linux on the other side. I rarely go into Windows on that machine, so there’s no danger of a Windows malware infection till I go to that side. I usually get up-to-date on updates when I go to Windows — approx. once per month.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
    • #128300

      The only evil from the outside, that made me wanna cry, has come from Microsoft…

      But then again, my install has from day one been trimmed from not needed “features” like filesharing, remote control a.m.m. and I never really click on anything while browsing. The Windows Service list is trimmed with carefully selected disabled/manual settings and my ISP has a very high level of security when it comes to email deliveries, so haven’t ever seen a phishing mail etc.

      So of course I may – eventual – do the updates, but I’m certainly not in any hurry.

      Perhaps at MS-DEFCON 4? 😀

    • #128302

      I agree, I don`t need Eastern European currency changes or time zone changes.

      1 user thanked author for this post.
      • #128448

        Yeah, marking that as important is just absurd. Just another piece of proof Microsoft never actually got to know how to update their own OS.

    • #128304

      I am somewhere between Groups B and W. I download the updates from the wonderfully maintained Security-Only update thread on this site, but I wait forever to apply them meaning I test every update for several weeks before installing the next. I also download the NET updates, but haven’t done those yet either. When I do install this stuff, I make sure to do it in the order they were released as I label the files and keep a ordered list in a notepad for easy reference. The last Security Only update I installed was from January and I already had March’s update installed for DoublePulsar and all that stuff. So, next up would be NET 4.6.2 and April’s SO updates for Windows and NET. I imagine problems can happen if you install updates out of order, so I am careful to try to avoid installing them out of order.

      As I’ve said several times on here, I reject the idea that not updating Windows promptly makes your entire rig an unstable mess of security holes; it doesn’t. I used XP almost three years after EOL with zero issues. When I got this Windows 7 machine, guess where my first problems came from? You guessed it, automatic update borked some updates which is what led me to this site in the first place. The unreliability of WU seems, to me, to be a much bigger and more serious threat to the stability of my PC than anything out in the wild and what really puts the exclamation point on that is that many people would have you believe WU is safe and reliable… except it may bork your system, screw up your drivers, corrupt updates and/or the WU service itself all leading to more stuff for you to deal with and that’s just with Windows 7. You may even have to restore a backup image to fix your system after WU makes it unusable. Windows 10 has done a lot of damage to people’s PC’s as well.

      So, as far as I’m concerned, all this debate about whether Automatic Update is good or bad is moot to me because WU itself and the constant flow of buggy patches that flow through it every month are security risks in and of themselves and people are asking themselves if it’s a good idea to allow this program to do anything automatically? To each their own, but to me, all this urgency to update as soon as possible is nothing more than FUD. Sure, you may update 20 times in a row with no issues, but all it takes is one time to bork it all. I don’t trust MS anymore for several legitimate reasons that seem to mount every month.

      The best way to keep your PC secure is with good habits, layered protection and a little bit of common sense. I think this site, for the most part, offers the positive stimulus people need to want to learn a bit more about Windows and make informed and better decisions and that’s a good thing.

      9 users thanked author for this post.
      • #128330

        You said it, Sessh. Very well. I completely agree. Thanks for expressing these views here. I am not alone!

        CT

        1 user thanked author for this post.
      • #128340

        Hear hear. 100% totally agree.

        M$ has lost a very important component of any consumer, TRUST.

        I do not think that they will ever be able to recover that loss either if they keep to the current direction that they are h***bent on going.

        Once that TRUST is lost, then they will be forever trying to get it back, but IMO it is virtually impossible for the current batch of consumers to forget this whole debacle .

        I do not trust M$ as far as I can throw them, and that isn’t very far.

        One day, M$ is going to get such a slap in the face from us unpaid Win10 Home Beta testers that they will wonder what the h**l went so wrong, when it is there unavoidably starring in their face now.

        Stop this garbage of an idea of the Win10 update regime NOW.

        Computer use life used to be so simple, but now it is just a real PAIN to just to try and keep things stable and working.

        Wombat.

        4 users thanked author for this post.
      • #128395

        The best way to keep your PC secure is with good habits, layered protection and a little bit of common sense.

        Deserves to be repeated and highlighted.

        -Noel

        4 users thanked author for this post.
    • #128311

      Although I am follow Group B, I agree in part, with Sessh. I pick and choose updates, not necessarily in order, but in importance to my Windows 7 sp1 x64 home premium (original 2009)install.

    • #128312

      The only program in Windows that I don’t use is the Outlook. I have Outlook on a disc from Microsoft. I just don’t get along with it,as I have three email accts..

      • #128325

        We discussed this already in another thread. Outlook is not part of Windows and if it does not serve you, it is better not to be installed.

        • #128331

          Thank you ch100. Of all my 150 client computers, I think maybe 2 or 3 use Outlook. About half use webmail, mostly Gmail or Yahoo, and the other half use Windows Live Mail 2011. They also have email addresses from Gmail and Yahoo. Almost none use a Microsoft address. Microsoft has thoroughly loused up email for most people in its endeavor to turn it into an ad delivery centre.

          I recognize that WLM2011 is not supported by Microsoft. That actually turns out to be a very good thing. They loused up WLM2012 with several bad updates. I have an archived full copy of WLM2011. WLM has virtually all the features of Outlook but better for most people. It probably does not work at all for businesses or institutions.

          WLM2011 is a far better email client than Outlook. It is actually Outlook Express, much improved. The biggest difference is that WLM creates individual files for each email instead of trying to store them in a database of sorts. Managing that database it turns out is the cause the vast majority of Outlook problems.

          CT

          1 user thanked author for this post.
          • #128332

            I am an Outlook user which I find useful for the scheduling features but I also use it for ongoing learning of the product. For most non-business users, a simple email client would be better.
            I am not so much in favour of online email, but that would do the job in the same way as Cloud solutions would provide an easy way out from administering Windows, which has become more and more difficult for the non-power user. I see Windows 7 on the way out already. Windows 8.1 may be an intermediate workaround, but for the same effort and learning curve, Windows 10 is the way to go if sticking with Windows in 2017 and the years ahead.
            I miss Outlook Express or its later WLM versions.
            Probably the closest equivalent in functionality and still supported is Thunderbird from Mozilla, but I would leave others with more experience to discuss about email clients and their suitability for end users.
            Outlook (full) is not an email client as such, but rather a business/office tool. The email functionality is only a subset for this product.

            2 users thanked author for this post.
    • #128324

      I think many of the people posting here and making claims of knowing what this is about should go back and read carefully Woody’s article
      http://www.computerworld.com/article/3213929/microsoft-windows/the-case-against-windows-automatic-update.html
      There are keywords and key phrases which should not be taken out of context like “moderately conversant with your Windows machine”, “savvy Windows users”, “sainted aunt Martha”, “knowledgeable enough”.

      The same people should read carefully Canadian Tech’s post and understand it. There is some history of me being in disagreement with CT’s method on this site and the previous versions of this site, but I appreciate that CT is a highly knowledgeable person who manages a number of users and as such knows exactly what to do and how to take corrective action if the situation requires it. Most people posting here do not have the same understanding. CT customises his approach to his user base and this is OK, as his clients can be considered “managed” in the same way small business users would be, which means not tightly controlled, but just enough for a balanced good and at the same time secure enough experience.
      Please be aware that not patching may be better than selective patching for a large number of users to have functional computers. The computers have to serve a purpose before being secure.
      Most posters here, although they have an interest, until they have the understanding are better off by following “sainted aunt Martha” approach.

      2 users thanked author for this post.
    • #128343

      3rd entry, I turn all three diagnostics and Windows update off at bedtime and shut my desktop down. I took the advice from Woody to shut down the desktop every night.

    • #128346

      Let me make this short. We are dealing with a two track problem. Track one is the win7/ 2008 win 8.1/2012 OS servers. These are stable secure systems. The WU problems were nothing more than a lack of maintenance, which with outside and public pressure were fixed. Then there is the win 10 series/2015-2016 servers. (stops, bangs head on desk ) The problem here is not win 10 per say, it’s the lack of QA follow up and flat out lack of tech support. The use of unpaid  beta testers, is nothing more than a excuse to hide behind. First it was consumers, soon business and enterprise users.  In this I find Microsoft’s current behavior repugnant.  WU( both consumer and enterprise level) is an  fixable problem. This is nothing more than programing/coding issue. Microsoft knows the solutions, so why don’t they fix this. That’s what I’m interested in.

      • #128452

        In this I find Microsoft’s current behavior repugnant.  WU( both consumer and enterprise level) is an  fixable problem. This is nothing more than programing/coding issue.

         

        Apart from the philosophical and ideological processes that precede and dictate the actual programming/coding, you cannot be more right. Your short sentences say a great deal about Microsoft.

    • #128347

      Most Windows administrators does not have time or competence to understand patch bulletins. So, they simply enable automatic updates, at least for security updates, rather than getting hacked

      1 user thanked author for this post.
      • #128369

        Absolutely true.

        • #128390

          Very likely true, at least in terms of numbers of admins.

          Companies that want to protect their machines need to spend the money to hire capable individuals as gatekeepers for patches.

          Individuals, in my opinion, are better off waiting a few weeks before running Windows Update – providing they’re able to cut through the bafflegab, and get the updates installed manually.

          3 users thanked author for this post.
      • #128410

        @ … zamroni111,

        Such lazy Windows 10 System Admins who enable automatic update for their clients will have to answer to Da Boss if a buggy security/quality update borks the company’s computers.

        According to https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb , the Admins should first test the updates on a few devices(= about 10%) before deploying them fully to the rest.
        … Quality updates can be deferred for 30 days max while feature updates or Version upgrades can be deferred for 365 days max(for Win 10 Pro, Ent & Edu Version 1703). Definition updates(eg for Windows Defender) cannot be deferred.

    • #128353

      Many sainty Aunt Martha and Uncle Joe Dummy with Automatic Windows Update got auto-upgraded to Win 10 from Win 7/8.1 by M$ during 2015 and were stumped by the new OS and UI.

      Since 2016, many sainty Aunt Martha and Uncle Joe Dummy were forced to run Win 10 Home when they bought new OEM computers and ended up with borked computers through buggy auto-updates. They might have to send their computers to the repair shop and pay for the repairs/recovery time and time again.
      … In Win 10, most of the default settings allow M$ to exploit the saints, eg settings for Ad display and Privacy/Telemetry.

      It likely would have been a better outcome for sainty Aunt Martha and Uncle Joe Dummy if the default setting for Windows Update was not Automatic, ie was Manual.
      … In effect, M$ have been “Win-ning” against the sainty dummy users by default.

      Maybe, people need to be trained and licensed by the government/schools before they can use a computer, similar to Car Driving tests and licenses.

      2 users thanked author for this post.
      • #128356

        “It likely would have been a better outcome for sainty Aunt Martha and Uncle Joe Dummy if the default setting for Windows Update was not Automatic, ie was Manual.”

        PLEASE PLEASE PLEASE show me the instructions where I can turn the Win10 Home automatic updates permanently off or to manual only.

        Wombat aka sainty Aunt Martha and Uncle Joe Dummy

        • #128358

          I’m not sure if you have checked out AKB200005, on the subject of Windows 10 updates.
          Woody does not recommend disabling Windows Update, but if you choose to go that route on your Home version:
          1. Search for Services
          2. Right click, to Run as Administrator
          3. Scroll down to Windows Update
          4. Right click, to select Properties
          5. Set to Manual, or Disabled if you see fit
          6. To keep up with regular updates, you will need to re-enable this, if you set it to Disabled
          7. To check for updates manually/after re-enabling, click Settings>Updates, to check for updates

          • #128367

            Not sure if it works. There are Scheduled Tasks which re-enable the service in the background and for good reason. Windows Power Users do not use Home Editions except for research purpose.

            1 user thanked author for this post.
            • #128391

              If one wants to TAKE and MAINTAIN control over Windows 10’s update policy, it requires a little bit of ongoing effort.

              As ch100 mentions, even if you turn things off there are influences that try to (and sometimes succeed to) turn things back on. Scheduled tasks, other services, even the Windows Update process itself. Microsoft ACTIVELY wants to take control, under the guise of “it’s for your own good”.

              I developed a script for all my Windows systems – not just 10 – that regularly generates a report containing quite a large number of system settings, lists of what’s running and installed, etc. I regularly use a comparison tool (Beyond Compare) to compare current vs. older reports, looking for changes.

              Heck, I even caught the installer for TurboTax, early this year, re-enabling Windows Update.

              If you want to TAKE control, you have to stay vigilant so that you can MAINTAIN control. Having to “get that geeky” is not going to be well received by everyone.

              The ONLY “set it and forget it” solution is to go “full Microsoft”. And like the old saying goes, “you never go full Microsoft”. 🙂

              -Noel

              3 users thanked author for this post.
            • #128477

              As ch100 mentions, even if you turn things off there are influences that try to (and sometimes succeed to) turn things back on. Scheduled tasks, other services, even the Windows Update process itself. Microsoft ACTIVELY wants to take control, under the guise of “it’s for your own good”.

              I think disabling BITS might aid in preventing that? (as well as WU) Or at least, it did in earlier versions, and was also suggested recently by MS tech support for one WX machine that was being slammed with forced updates during a deadline work period.

        • #128360

          @ … Wombat,

          The China Government Edition will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates, and to enable the government to use its own encryption algorithms within its computer systems.

          https://blogs.windows.com/windowsexperience/2017/05/23/announcing-windows-10-china-government-edition-new-surface-pro/

          In Win 7/8.1, you could. In China, in Win 10, you likely could.

          The point is that it is possible for M$ to set Windows Update in Win 10 to Manual by default.

        • #128366

          Just keep Automatic Updates on and stop listening to anonymous experts.

    • #128381

      This is a Forum, a place where ideas and views on a particular issue can be exchanged. It is not a bully pulpit. The purpose is to facilitate the debate, not shut it down. Disagree or challenge a poster’s position and others will learn from the exchange. To sink to an ad hominem attack is disrespectful and abusive.

      4 users thanked author for this post.
    • #128387

      It’s all a matter of risk management.

      And choosing whether to maintain control.

      If there were NO RISK in ceding control of the management of the operating system of your computer or device to Microsoft, all this would be a no brainer. Of course you would want a huge corporation to completely take over ongoing maintenance.

      But there IS RISK… It’s not a perfect world. And therein lies the problem.

      Taking updates might just break something. Having Microsoft change your system on their schedule might just disrupt your needs for your computer or device at a given time.

      So…

      Maintaining control can be very good for you. There are those of us who have worked hard to stay in control, and we can indeed cite a number of advantages to having done so. I personally haven’t had to do without my computers’ functionality unexpectedly, except for during a long power outage during a hurricane, for a VERY long time.

      It’s NOT a no-brainer. We just have to learn how to manage our systems in order to manage them well – better than Microsoft. That’s actually doable.

      Woody – and the fine folks who frequent this site – are here to help you learn.

      -Noel

      8 users thanked author for this post.
    Viewing 16 reply threads
    Reply To: The case against Windows Automatic Update

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: