The Case for Turning Off Auto Updates in Windows 10
Auto Update’s an unnecessary risk for people who know how to use Windows 10 and who keep current with Windows developments. If you’re knowledgeable enough to perform basic Windows 10 upkeep, you should seriously consider taking Windows patching into your own hands and turning off auto updates.
The core problem: Microsoft still hasn’t figured out how to deliver reliable Windows patches. Patch Tuesdays have turned into massive beta-testing grounds where bugs crawl out of the woodwork and attack in unpredictable ways. With a few notable exceptions, it’s tough to blame Microsoft for the mayhem — patching the mess everyone know as Windows, in all its varied glory, is an NP-complete problem (that is, it’s “technically hard”). If everybody skipped Automatic Update, we’d be in an unholy mess. But folks who are willing and able to read the tea leaves don’t need to expose themselves to the risks of marching in lock-step with the Auto Update cadence.
Few bad patches are particularly debilitating for Windows 10 users, but they’re a pain in the neck for some and positively agonizing for the unlucky. More to the point, the problems are avoidable if you just wait a couple of weeks for problem reports to die down and for Microsoft to get its patches patched.
Even if Microsoft isn’t at fault — and if frequently isn’t — the pointed finger comes as small consolation to folks who have their days disrupted by a weird conflict or their products clobbered.
Patches are important, but you don’t need Automatic Update to do them. Of course, you have to get patched eventually; you just don’t want to be in that initial unpaid beta-testing phase.
Certainly the wait-and-watch approach has downsides. Foremost among them: If Microsoft patches a vulnerability in Windows 10 or Office and malware appears very quickly to take advantage of a previously unknown security hole, those who are deferring updates may be caught flat-footed.
That’s happened in the past, but it has become uncommon. Sure there are patches for zero days — Windows Update patches for security holes with known exploits — but this is a horse of a different color. Microsoft did a good job obfuscating its descriptions and preventing its patched code from fast reverse engineering. Could a massive reverse-engineered wave of malware roll out on some future Wednesday? Yes, and if it does, Automatic Update will save the day.
As with everything associated with patching Windows 10, there are pros and cons. You have to weigh the possibility of a giant, quickly reverse-engineered attack against the certainty of buggy patches. History shows that the risk of blind patching on day one greatly exceeds the risk of delaying for a couple of weeks.
If you aren’t particularly good at Windows 10 or you don’t want to take the time to keep your machine fed (or both), use Automatic Update. That part’s easy because you don’t have to do anything. Windows 10, all by itself, will feed you patches as Microsoft releases them.
If you do run a Windows update and then change your mind, you can always undo the update.