If and when should you update Windows? I have been wrestling with this question as I know many of you have. What follows is my personal opinion.
Why do we update Windows?
1 – Bugfixes
2 – New features
3 – Security patches
Although many computers have issues from time to time, by the time Microsoft issues a bugfix many folks (or the Geeks who take care of their computers) have already Googled a work-around.
Let's use Win10 as an example. For me (and I believe the majority of Windows users), there has not been a single new feature I have been interested in since it was released.
Here is THE issue. When is the security threat bad enough that you NEED to update? Some folks say always, some say never. The truth is it depends.
What do you do on your computer? Web surfer? Social network warrior? Gamer? Multimedia processing? Multi-use?
How exposed are you? Are you networked? Do you click on links in emails? Do you not use an ad blocker? Use a torrent network? Visit questionable websites?
Are you lucky? There are computers that are locked down and patched that get hacked. There are computers still running Windows XP that don’t.
It seems like every update borks someone's computer. Some folks are quick with a nonsensical “only a few computers” or “didn’t happen to me” response. However, over time the likelihood that this will affect you increases. There are many, many reports of updates leaving machines unusable or unbootable.
*sidebar – I love the “I didn’t notice a difference in performance” comments people make. To me all this means is you don’t max out your computer.
Meltdown & Spectre Patches
There are many benchmarks showing these patches hose machines or hurt performance. I measured the impact on my main computer here: Meltdown & Spectre Updates Benchmarked.
AFAIK to date there is no known Meltdown or Spectre attack in the wild.
All Windows updates are now cumulative. These are packaged in a “Monthly Rollup”. What this means is that every previous update is rolled into the new update. Unlike earlier update methods, with cumulative updates you cannot uninstall and/or hide the one individual patch that may be causing you issues. It’s all or nothing.
Here is Microsoft’s Definition:
Definition: A tested, cumulative set of updates. They include both security and reliability updates that are packaged together and distributed over Windows Update, WSUS, System Center Configuration Manager and Microsoft Update Catalog for easy deployment. The Monthly Rollup is product specific, addresses both new security issues and nonsecurity issues in a single update and will proactively include updates that were released in the past. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low. This Monthly Rollup would be displayed under the title Security Monthly Quality Rollup when you download or install. This Monthly Rollup will be classified as an “Important” update on Windows Update and will automatically download and install if your Windows Update settings are configured to automatically download and install Important updates.
OK, OK. But Should You Update?
– You need to delay installing ALL updates until you find out if you are safe.
The easiest way to do this is to visit AskWoody and watch his MS-DEFCON System. Woody and the folks that hang out there are very knowledgeable in this area and you will not find a site with better advice on this topic.
What I’m Doing
My main computer uses Win10 and I keep it patched so that I know what is going on with Win10.
My Windows 7 laptop is fully patched as is my wife’s Windows 7 web surfer.
I have 4 other older Windows 7 computers in my house and have not patched any of them since December.
I know many of you are reading this because you wanted a simple answer. I am truly sorry that I cannot give you one. That is where Microsoft has left us.