This one’s easy: I love automatic updates.
Let me explain why, and how to make sure your automatic updates are safe and doing what you think they are.
I’ll also explore one area where things have gotten worse instead of better over the years.
Become a Patron of Ask Leo! and go ad-free!
Anti-malware: absolutely
I strongly believe automatic updates for anti-malware tools are an absolute must. There are simply so many changes – quite literally every day, sometimes multiple times a day – that keeping them up to date is a must. Doing it automatically is by far the easiest and most reliable way.
The issue with anti-malware tools is what I call “the race”. Those who create malware do so constantly. Anti-malware tool vendors are always playing catch-up. They’re constantly updating either their tools, or the databases of malware information, so they can catch even the most recent threats.
Making sure your anti-malware tools have not only the most recent versions of software, but also the most up-to-date versions of the malware database, is critical to staying safe and secure.
Doing so automatically is by far the best approach when it comes to your security.
Applications: yes, please
I treat application updates somewhat differently. I want automatic notification of updates and new versions. This means:
- The update notification should be a true notification – not an every-so-often “do you want to check for updates now?” Automatically check it for me, and bother me only if there is something I should be aware of.
- The update notification should tell me what it is, and what it’s going to do for me, including how important or critical the update might be – in terms I can understand.
- I should be able to choose to delay the update and be reminded to install it later. Updates can interfere with work in progress, or have other adverse impacts, so allowing me to choose when they happen is important.
- I should also be able to choose not to install the update at all, at least until the next new update becomes available.
There are some software packages that offer everything I’ve described, and I really do appreciate them. Sadly, most offer incomplete mixtures of those features.
Most often, I do accept the updates.
I also believe that’s exactly what the average user should do. You should not be required to understand what each individual update is about. In most cases, “just take ’em” is my general recommendation.
Windows: Oh, Windows….
Updates to the Windows operating system are a special case, and unfortunately not a good one. Windows update is a case of things getting worse, rather than better.
If you walk that list of functionality I want from applications, you’ll note that the most recent versions of Windows fail miserably.
- There’s no notification that updates are available. (Only that it’s time to reboot after they’ve been installed.)
- There’s almost no information about what the update includes, and certainly not in language the average user can understand.
- The ability to delay an update has been severely crippled.
- The ability to avoid an update has been removed.
Windows has gone to the other extreme: you will take all updates as they’re made available. Period. At best, you can set up a time window during which your machine won’t reboot, to avoid those middle-of-a-presentation frustrations.
What’s frustrating is that in an ideal world, that would actually work. But Windows has proven time and time again that we don’t live in an ideal world. Updates can cause problems. Updates can happen at inopportune times. Updates can absolutely feel forced on you … because ultimately, they are.
Automatic updates are a good thing when they work, and work reliably. Windows has yet to achieve that bar.
Automatic updates and security
As for your concern about security, I’m not terribly concerned.
Most automatic updates are handled through the same mechanisms your web browser uses to visit web sites. The result is that for most instances, you’re not “opening up” any additional vulnerabilities by enabling automatic updates. As long as you’re dealing with reputable vendors, the chances of “automatically” downloading malware is next to zero.
You’re at much greater risk if you’re not behind a firewall, visit a malicious web site, or mistakenly click on an emailed attachment.
Or you don’t take updates.
Sadly, Windows itself represents the biggest risk today, forcing you to take updates whether you’re ready or not, and having a track record that makes that unfortunately risky. All I can recommend to protect yourself here is to make sure you’re backing up regularly.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,
Podcast audio
Download (right-click, Save-As) (Duration: 6:22 — 5.9MB)
Subscribe: Apple Podcasts | Android | RSS
Thank you Leo, I have read the article and found it very helpful.
In IE 6, under tools, there is “Windows Update”. I have mine set to check for updates every morning at 3 a.m. (when hopefully I am sound asleep).
Why do you “love” automatic updates when you don’t use them yourself? Personally, I much prefer be notified of updates, even though I, like you, always say Yes.
I do use them. The only exception is Windows Update, and it’s because I’m a geek and need to know what’s going on – as much for here on Ask Leo! as well as for myself. “Normal” people should have it auto-install. I love that too :-).
Apologies to others if this is a bit technical…
I’m a developer and I like the idea of automatic updates – it certainly helps to make sure users have problems fixed before they know about them, as well as making sure they have all the latest functionality.
My major gripe is that when automatic updates DO cause problems, they’re usually whoppers. Added to which, not all companies use an overly secure mechanism – it’s not that difficult to redirect a http (web) request to a different webserver – eg editing the hosts file (and yes, I know that’s not easy on someone else’s Pc but you can spoof DNS entries, poison routers/ARP caches, etc…).
Then, there’s nothing to stop Mr. Malicious just substituting the genuine update with their own code. Admittedly, Microsoft and some others use secure HTTP (same as banks) and MD5 hashing (for the non-technical think of it as a short list of letters and numbers that sum up the contents of a file – any change to the file means a different MD5 hash, so you can check that what you’ve downloaded matches what you expected to download – at least the software should do this internally) but there are still a large number of companies that do NOT use MD5 hashing, secure conenctions or anything else – which I personally find to be a HUGE security hole.
To make things worse, there’s already hundreds of programs that let you see what information is being passed back and forth between your computer and , which means anyone malicious can monitor the (legitimate) traffic on their own PC, deduce how it works and then substitute their own.
So I let anything notify me of new updates but if possible, I install them myself unless I trust the security used by the software company as well as the company itself – They may not be malicious but it doesn’t always mean they’re competent.
I have most of my apps set to update automatically where possible, except for Windows Update. that I have set to download and notify – but even when I select to Install it still downloads all the selected updates!
And they wonder why people hate Microsoft?
I have to disagree with you, just out of personal experience. Though I will acknowledge that updates are one of the surest ways to keep your machine safe. That’s technology for you.
I bought an HP G62 series laptop last December and since February of this year I have had to restore it to factory settings several times because of these wonderful updates, which, after a time, make the computer freeze irreparably…
I can only assume that that’s what causes my computer to overheat and in general act like a piece of worthless crap, since after restoring it I no longer have any personal programs. Nor do I visit sites or download content that would give me a virus (unless all of a sudden Facebook is a virus-ridden wasteland).
I’ve lost a lot of irreplaceable work and photos, and since I never know exactly when this piece of crap is going to go on strike, I can never prepare for it without losing a lot of work anyway. At this point I’d be better off with a typewriter, a netbook, or even a Macbook, which I have never owned before.
I agree on the importance of the updates but I caution anyone who is thinking of applying them in a manufacturing environment, or for that matter, any environment where you are using bespoke software that hasn’t yet been tested!
If you are not expert in I.T., blindly applying even MS monthly security updates has the potential to cause catastrophic problems with your applications, especially if they are not “off-the-shelf” packages: I have seen more than one situation where an update has been applied and caused something to stop working BUT as per the original article, in a home environment, I’d advocate taking nearly all. However, I usually start watching the net day the updates are released and for the following fortnight in case there are any problems with the update breaking windows- These will be tested and reported by others during that time. If you have more than one PC, I suggest you update one first, let it run for a few days and if there are no problems, update the others.
Never having trouble with Microsoft updates on my Windows 7 Ultimate machine before I had updates set to install auto and it cost me $120.00 to just to be able to get back on the internet because I lost most of my programs and files. I still had to take it back to factory condition after putting it in the shop. I now have updates set so I can choose what to install. I still don’t know which update caused me such grief but I wish I did as now I am afraid of all of them..
Haven’t seen any mention of regular backups so that we don’t lose any of our work or personal data. One question, do computer users let their machines run all the time to facilitate Updates, or turn the machines on when needed only.
ps. Thanks for creating this discussion, lots of plain talk on important issues.
Leo has more articles on backups than any other subject. Type “backups” into the Ask Leo! search field and you’ll find dozens of articles on the subject of backing up.
No need to keep your computer on all the time to get automatic updates. When you turn the computer on, it searches for and downloads the pending updates.
My Windows 10 machine always tells me they have scheduled a restart sometime in the middle of the night when I am not using it or I can manually restart it immediately. I guess I am just lucky from what I am reading about unscheduled restarts.
So you backup regularly, and that’s good.
Now Windows comes back as soon as you’ve restored your previous version and just does it again.
That’s not progress. then you are asked to visit a peer support site (Microsoft’s Community/Answers) where everyone is guessing what is wrong and few cross-reference for solved problems, leading to the same questions over and over with a lot of frustration to those that just got there and didn’t catch on.
It can take them awhile to figure out the loop they might be going through and that it could actually be partly related to the updating apps they installed for their hardware drivers being in a tug of war with Windows Update and what it sees as the solution.
I’m certain that this drives gamers and video enthusiasts NUTS when their screens go black etc.
So yes, I stuck with Windows 7 and I try to research the updates as much as I can. there is a link at the bottom right of the Windows Update list page that lead to a description page when you highlight the update you want to check out.
I may have 31 years experience using Windows but I still am not a major geek as to be able to troubleshoot so well. I wait for somebody to come up with an explanation or solve the problem(s) and move from there. If I see something I really don’t get or like I can postpone or hide it for a while. it always seems lately that MS is fixing the same 4-5 things over and over anyhow.
I’m pretty much committed to sticking with Windows 7 because I find the forced updates in Windows 10 unacceptable. But even the Win7 updates are changing to where it’s harder to be selective, with bundled ‘rollups’ taking the place of individual updates that could be vetted one by one. For those who want to retain control, it’s possible, but takes some work. A good resource is AskWoody.com — he has detailed instructions for getting just the updates you need.
For other programs, I also like the ‘alert me but let me decide’ option for updates. Like others here, I almost always do the update, but I dislike having it forced on me. My exception is my antivirus — that sits on auto and stays there.
In my situation, backups are no help at all. I have Win10 Home Edition, and googling the problem of unexpected restarts while still using the computer led to the information that that version no longer lets one specify restart times or configure updating in any way at all anymore. The fixes suggested by others to the problem of configuring how and when updates are received all involve the Microsoft Management Console, which is not functional in Win10 Home, and the command to start the MMC leads to a “search produces no results” error. It looks more and more that the only thing I can do is abort completely and install Win10 Pro, starting the long process of reinstalling all my programs over again, or else go back to Win7 (since I can’t stand 8). All a backup does is to back up the problem and repeat it.
What happens if Windows automatic update and Macrium Reflect image backup start running concurrently at the same time (2:00AM maybe a good example).
Even worse: suppose that Windows restarts before backup is finished. My problem is that not having control over Windows update I cannot fully avoid this problem. That is why I do not set up Macrium to do automatic backups. What I do is to ‘check for updates’ in Windows to force immediate update when available and then I start Macrium. What is left is to prey that a new Windows update does not come before the end. It comes at the cost however. Because this process is so annoying and time consuming I do my backups not as often as I would like. Any solutions?
If Windows restarts the computer during a backup, the backup will fail, but it won’t damage the backup set. The next backup should still work, and in the case of an incremental backup, for example, it would cover a 2 day period instead of a one day period.
Would a backup before a bad Windows 10 update do much good? As soon as you restore the backup, Windows 10 would reapply the bad update.
If you have malware on your machine, your backup would still be useful for restoring the data files after restoring the system from scratch. Restoring the data from the mounted virtual drive wouldn’t transfer the malware.
Did an update for Windows 10 this week of 10/11/16 This is what happened to my laptop:
1. Wireless mouse refused to load or work.
2. Over 25 App programs were installed on this pc
3. Some of the Apps I could not uninstall from CCleaner. 4 in all.
4. So I restarted my laptop and on restart my computer went to a black screen
5. Restarted three times & then got the repair screen out of the blue.
6. Tried to go to System Restore and go back in time but the computer said I had no restore points. I did have restore enabled so why did it say this? I don’t know.
4. Could not do a Startup repair. Got a message saying “Your PC ran into a problem and cannot start” were the exact words.
It tried three times to diagnose the problem but nothing seem to move after that.
This is when I was able to get to the repair screen or diagnose screen after several restarts and chose Troubleshooting and then “Go back to a previous build.”
It went back to the previous day and everything was working.
5. Had to uninstall 7 apps but they came back three times as soon as I looked for them again with CCleaner.
6. Along with the extra apps on the Taskbar, the Anniversary Update or AU resets some of your default apps to the Microsoft Recommended programs like Groove music so you have to go in and check that while you are tweaking the Anniversary update.
So it looks like I will not be getting the Anniversary update on this computer because I don’t want an hour or more of troubleshooting. I went into Services and turned off Windows Update then.
So hey, do what you want but I will not be updating this computer any more for the Windows program.
This is a general comment on your site. I like it, I learn things that I use, so I appreciate it. However, at some point you have made a change that becomes traversing the comments tedious. For example, the comments on this case go back to 2005. Are they relevant? Maybe but vaguely. Things that were important in 2005 are no longer an issue, so why include them? Technology has progressed way beyond those old issues. Please, revert to the way it was: comments on the current subject, not old stuff. I have better things on which to spend my time. I want to stay with you, but I am wasting time on old irrelevant stuff.
After Windows 10 Anniversary Update seriously affected the smooth running of my PC, I discovered the neat “Show or Hide Updates Tool” which has allowed me to prevent it from running, while allowing other Windows 10 updates to run. So, I have been operating with Home 10 Version 1511 for the past couple of months, trouble free (and fingers crossed of course).
I have Windows 7 and do not do automatic updates, except for my antivirus program. I want to see what I’m getting, so I let programs notify me when the updates are available. There are some programs that I have, such as shockwave or flash player, even Adobe that I have learned never to update automatically as I have learned most of them want to bring along a program that I don’t want. I have spent many hours trying to get rid of these unwanted programs. Yes, some of these have little boxes you can uncheck you don’t want this extra program, but I have learned they don’t always work, or they don’t always tell you.
As far forced updates on Windows 10, well, I will never use Windows 10.
Adobe has definitely become evil. Sneaking malware in with their updates is inexcusable. Almost everyone I’ve helped with their computer has McCrappy AV installed on their computer because of Flash updates. And after I clean it, they get burned again. I even let it slip through once myself. Steve Jobs tried to kill Flash, but unfortunately, that was one thing he was unable to accomplish. Foistware is bad enough when it comes with freeware, but almost nobody bothers to check when it comes as an update to a ubiquitous program like flash.
My suggestion to avoid Windows 10 & other Microsoft challenges is to use Linux. For whatever reason, malware creators don’t bother with Linux. It is a very easy basic system to work with.
No updates are not good for everyone we all know that. Everything from windows updates to Apple Watch. Updates go up to good to what happened to what I liked. Wait and read comments on updates and decide wether to update to save headaches in future.
We will stick with W7 for as long as possible — even after MS ceases updating. It is as stable as is available for the PC and, with our currently changed settings, does the needed job for us nicely. Missing is a convenient built-in partition-image backup app as is available externally.
Richard