The last question is easy to answer: yes. Yes, you absolutely should keep Windows as up-to-date as possible.
The good news is that in most recent versions of Windows, you need do nothing. Windows will update itself regularly.
The not-so-good-news? In Windows 10, it’ll do so whether you want it to, or not.
Let’s look at how we got here, what “here” really looks like, what control you do or do not have, and what I believe you should do.
Vulnerabilities & updates
While many bugs are minor and inconsequential, some make the software vulnerable to exploitation by people trying to do something bad – like hack into your system, steal your data, use your computer to send spam or worse. These bugs are often referred to as “vulnerabilities”, and the software that takes advantage of them is termed “malicious software”, or simply “malware”.
When vulnerabilities are found, manufacturers release updates to their software that fix (or “patch”) the bug.
It’s important, then, that the users of affected software actually take the steps to install those updates when they’re made available.
Unfortunately, particularly early in Windows history, individuals often did not install updates, for a variety of reasons. This left their computers vulnerable to more and more malware, even though those bugs had been fixed in subsequent updates.
Windows Update is Microsoft’s solution to the update distribution and installation problem.
It’s a service that runs in the background, periodically checking for updates to Windows that apply to your machine’s particular configuration. When available updates are found, Windows Update can do several different things, depending on how it’s configured.
- It can simply notify you that updates are available. You are still responsible for taking the next step: downloading and installing them.
- It can download the updates that apply to your computer and notify you they’re ready to be installed. You are still responsible for taking the next step: actually installing them.
- It can download the updates that apply to your computer and install them automatically, according to a schedule that you specify.
The reason that schedule is important is that it’s not at all uncommon for updates to require your machine be rebooted. Software cannot be updated if it’s actually in use. That means in order to update core components of Windows itself, Windows needs to shut down briefly for the update to be possible. That’s a reboot.
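To see which of those modes a machine has been set to, you can read the Windows Update policy values from the registry. The PowerShell below is an added example, not part of the original article; it assumes the setting was made through Group Policy or the equivalent registry policy key, and the function name Get-UpdatePolicySummary is made up for illustration. If the key is absent, nothing has been set by policy.

```powershell
# Added example: report which Windows Update mode is set by policy.
# Reads the registry values behind the "Configure Automatic Updates" policy.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

# AUOptions values and what they mean (maps onto the three modes above).
$modes = @{
    2 = 'Notify before download (you download and install)'
    3 = 'Download automatically, notify before install'
    4 = 'Download automatically and install on a schedule'
    5 = 'Local administrator chooses the setting'
}
# ScheduledInstallDay: 0 = every day, 1 = Sunday ... 7 = Saturday.
$days = 'Every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

# Hypothetical helper name; returns a one-line description of the policy.
function Get-UpdatePolicySummary {
    param([string]$Path = $auKey)

    if (-not (Test-Path -Path $Path)) {
        return 'No update policy set: Windows is using its default behaviour.'
    }
    $au = Get-ItemProperty -Path $Path

    # NoAutoUpdate = 1 switches automatic updating off entirely.
    if ($au.NoAutoUpdate -eq 1) {
        return 'Automatic Updates are DISABLED by policy.'
    }
    if ($null -eq $au.AUOptions) {
        return 'Policy key exists but AUOptions is not set.'
    }

    $opt = [int]$au.AUOptions
    $summary = if ($modes.ContainsKey($opt)) { $modes[$opt] }
               else { "Unrecognised AUOptions value $opt" }

    # The install schedule only applies to mode 4.
    if ($opt -eq 4 -and $null -ne $au.ScheduledInstallDay -and
        $null -ne $au.ScheduledInstallTime) {
        $summary += (' ({0} at {1:00}:00)' -f
            $days[[int]$au.ScheduledInstallDay], [int]$au.ScheduledInstallTime)
    }
    return $summary
}

Get-UpdatePolicySummary
```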
Updates & failures
Earlier, I said: “The issue is common to all software: no one is perfect. All software has bugs, period, no exceptions.”
Updates themselves are software, and in turn could have bugs. The update process itself could have bugs.
The net result is that for a time, Windows Updates themselves were considered “risky”. There was a perception that with any given update, your machine could become less stable. In the worst cases, there were Windows updates that actually completely crashed the machine on which they’d been installed. That bad reputation – whether warranted or not – has had some serious and long-term consequences.
Failures to update
Because of that bad reputation, some computer users would delay their updates to what they considered to be a safe time – after some period of time had passed that allowed them to feel confident that the update would not harm their machine.
Others stopped taking updates altogether.
Needless to say, the authors of malware approve. To them, delaying or skipping updates means that once a vulnerability is discovered, they can continue to write and circulate malware to exploit it, because they know that not everyone will take the update that fixes it.
Applying updates regularly remains the best approach to keeping your system secure and up-to-date. I continue to recommend that you let Windows update itself automatically, so you don’t have to take any action at all. As we’ll see in a moment, Microsoft agrees – strongly.
Perhaps a bit too strongly.
Windows 10 and forced automated updates
When Windows 10 was released, the options to delay updates were removed from the consumer editions of the operating system. Updates are downloaded automatically and installed automatically.
In a perfect world, this would be a perfect solution.
Unfortunately, all software has bugs, and the result is there have been two major issues:
- While the stability of Windows updates had been improving over time – fewer and fewer updates actually cause any significant problem – some Windows 10 updates, at least initially, seemed a step backwards. Reports of people having problems after an update seemed to increase.
- Updates that required a reboot would indeed reboot, often at an inconvenient time.
The stability of updates appears to be improving once again, but Microsoft has also made additional options available.
In Settings, Windows Update, Advanced Options, you’ll find the following:
- An option to “Notify to schedule restart”. While the alternative “Automatic” remains Microsoft’s recommended setting, “Notify…” allows you to control when your machine will reboot, and thus allows you to save your work and make sure that nothing will be negatively impacted by the reboot.
- An option to “Defer upgrades”. Note that an upgrade is not the same as an update. Deferring upgrades will delay the arrival of new features and functionality in Windows, but it will not delay the download and installation of bug fixes and security updates.
But the bottom line is that Microsoft really, really, REALLY wants you to keep your machine as up-to-date as possible.
And I agree.
Recommendation: managing risk
Honestly, it’s all about risk management: trading off the risk of a misbehaving update against the risk of having an unpatched vulnerability exploited by malware.
The good news is, we know how to manage risk.
For all versions of Windows, my recommendation remains:
- Back up regularly. Ideally, perform system image backups as I’ve outlined in several articles. Then, no matter what, you’re protected from any kind of failure, be it hardware failure, a crashed disk, malware, or even a troublesome Windows update.
- If it’s an option, configure Windows to automatically download all updates, both for Windows and other Microsoft products.
- If it’s an option, configure Windows to notify you when updates are ready to install. If it’s not an option, then at least configure Windows to notify you to schedule any restart required after automatically installing updates.
- Regardless of what notification you get, act on it as soon as is convenient. Install the updates and reboot as needed.
In my opinion, this is the safest approach to managing a wide variety of risks related to using your computer – not just the risks of a failed update.