The last question is easy to answer: yes.
Yes, you absolutely should keep Windows 10 as up to date as possible.
I know there are those who disagree. Some go so far as to seek out ways to prevent Windows 10 from updating itself.
Let’s look at why they feel that way, and what I believe you should do.
Windows Update automatically makes sure Windows 10 is up to date and as secure as possible. You can mitigate any perceived risks with regular backups, but letting Windows Update do its job automatically and regularly is a key component to keeping your computer safe from malware and other threats.
Vulnerabilities & updates
The issue is common to all software: nothing is perfect. All software has bugs, period, no exceptions.[1]
While many bugs are inconsequential, some make the software vulnerable to exploitation by people trying to do something bad: like hack into your system, steal your data, use your computer to send spam, or worse. These bugs are often referred to as “vulnerabilities”, and the software taking advantage of them is termed “malicious software”, or simply “malware”.
When vulnerabilities are found, software manufacturers release updates fixing (or “patching”) the bug.
It’s important that users of affected software install those updates when they’re made available.
Unfortunately, some individuals do not install updates, for a variety of reasons. This leaves their computers vulnerable to more and more malware, even though the associated bugs the malware can exploit have been fixed.
Windows Update is Microsoft’s solution to update distribution and installation.
It runs in the background, periodically checking for updates to Windows[2] that apply to your machine’s particular configuration. When available updates are found, Windows Update downloads and installs them automatically.
It’s not uncommon for updates to require your machine to be rebooted. Software cannot be updated if it’s in use. That means in order to update core components of Windows itself, Windows needs to shut down briefly. That’s a reboot.
Updates & failures
I said earlier that all software has bugs.
Updates are no exception. They are software, so they could have bugs. The update process itself could have bugs.
The net result is that, from time to time or from person to person, Windows updates are considered “risky”. There’s a perception that with any update, there’s a risk your machine could become less stable. In the worst cases, Windows updates have completely crashed the machine on which they’ve been installed.
That bad reputation — warranted or not — has had serious, long-term consequences.
Perception and reality
Windows 10 is installed on close to, if not over, a billion machines world-wide. That means when there’s even a hint of a problem, it makes headlines everywhere. The size or scope of the problem is immaterial to the headline writers — every failure is treated as a big deal, if not a disaster.
To be fair, even if one tenth of one percent of all Windows 10 machines suffered a failure due to Windows Update, that’s still a million machines. That’s a lot.
And yet, everything else being equal[3], you run only a 1 in 1,000 chance of having a problem.
Still, because of headlines and reputation, some users delay updates to what they consider a safer time — a few days or weeks later. In some cases, they try not to take updates at all.
Malware authors approve. To them, delaying or skipping updates means once a vulnerability is discovered, they can continue to write and circulate malware to exploit it, because they know not everyone will take the update to fix it. If you pay attention to notifications of large data breaches in the news and dig deep enough, you’ll often find that hackers gained access via a vulnerability for which a patch had been made available, but had not yet been applied.
Applying updates regularly remains the best approach to keeping your system secure and up to date. I continue to recommend you let Windows update itself automatically, so you don’t have to take any action at all.
Windows 10 and forced automated updates
Windows 10 originally had no option to delay updates in its consumer (“Home”) editions. Updates were downloaded and installed automatically.
In a perfect world, this would be a perfect solution. Unfortunately, we do not live in a perfect world.
There have been two major issues:
- While the stability of Windows updates has improved over time — fewer and fewer updates cause significant problems — some Windows 10 updates, at least initially, seemed a step backwards. Reports of people having problems after an update seemed to increase.
- Updates requiring a reboot would indeed reboot, often at an inconvenient time.
The stability of updates appears to be improving once again, and Microsoft has made additional options available.
In Settings, Windows Update, you’ll find an option to “Pause updates for 7 days”.
This is particularly useful if your computer usage is about to be especially sensitive or important: you’ll know you won’t be impacted by an update during that time.
Similarly, Microsoft added the concept of “active hours”.
This allows you to tell Windows Update when you normally use your computer. It will not reboot the computer during this time.
In Advanced Options, you’ll find the following options.
- “Show a notification when your PC requires a restart to finish updating”. This allows you to control when your machine will reboot, allowing you to save your work and make sure nothing will be negatively impacted by the reboot.
- An option to “Pause updates”. This is the same as the setting above, but allows you to pause updates for up to 35 days if need be.
The bottom line is that Microsoft really, really, REALLY wants you to keep your machine as up to date as possible.
And so do I.
It’s all about risk management: trading off the risk of a misbehaving update against the risk of having an unpatched vulnerability exploited by malware.
The good news is, we know how to manage risk.
For all versions of Windows, my recommendation remains:
- Back up regularly. Ideally, perform system image backups as I’ve outlined in several articles. Then you’re protected from any kind of failure, be it hardware failure, a crashed disk, malware, or even a troublesome Windows update.
- Configure Windows to notify you when a restart is required, and restart as soon as is practical. This places the restart and its impact completely under your control.
- Don’t delay updates if you don’t have to, and if you do, choose the smallest length of time you can. This minimizes the length of time you leave your machine exposed to known vulnerabilities.
- Don’t try to disable Windows Update. It’s critical to your safety.
In my opinion, this is the safest approach to managing a wide variety of risks related to using your computer — not just the risks of a failed update.
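To check a machine against the recommendations above, here is a read-only PowerShell audit. It is an added example, not part of the original article; the registry paths, value names and the 45-day staleness threshold are assumptions to verify on your Windows 10 build.

```powershell
# Added example: read-only audit of the article's recommendations.
# Registry paths, value names and the 45-day threshold are assumptions.
$ux     = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$reboot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
$maxAgeDays = 45

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$findings = @()

# "Don't try to disable Windows Update."
if ((Get-Service -Name wuauserv).StartType -eq 'Disabled') {
    $findings += 'The Windows Update service (wuauserv) is disabled.'
}
if ((Get-RegValue $policy 'NoAutoUpdate') -eq 1) {
    $findings += 'Policy value NoAutoUpdate=1 turns automatic updating off.'
}

# "Don't delay updates if you don't have to."
$pauseUntil = Get-RegValue $ux 'PauseUpdatesExpiryTime'
if ($pauseUntil -and ([datetime]$pauseUntil -gt (Get-Date))) {
    $findings += "Updates are paused until $pauseUntil."
}

# "Restart as soon as is practical."
if (Test-Path $reboot) {
    $findings += 'An installed update is waiting for a restart.'
}

# Stale patch level: newest installed hotfix older than the threshold.
$latest = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest -or $latest.InstalledOn -lt (Get-Date).AddDays(-$maxAgeDays)) {
    $findings += "No update installed in the last $maxAgeDays days."
}

# Informational: active hours, during which Windows will not reboot.
$start = Get-RegValue $ux 'ActiveHoursStart'
$end   = Get-RegValue $ux 'ActiveHoursEnd'
if ($null -ne $start) { "Active hours: ${start}:00 to ${end}:00" }

if ($findings) { $findings | ForEach-Object { "FINDING: $_" } } else { 'No findings.' }
```

The script only reads state and changes nothing; each FINDING line maps to one of the recommendations in the list above.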
Footnotes & References
1: If someone claims a particular bit of software has no bugs, then either they haven’t yet found the bugs, or they’ve dismissed some erroneous or unexpected behavior (aka a bug) as not rising to the level of being called a bug. It’s still a bug.
2: And optionally, other Microsoft software.
3: With no specific characteristics to refine the number, it’s 1 in 1,000. However, it often becomes quickly apparent that a failure applies to certain machines, or certain characteristics of machines, meaning you can much more accurately judge the risk you actually face. Typically, you have even less risk than 1 in 1,000.