What is more harmful -- installing or skipping updates?

Hi everyone:

I started thinking about something. We all hear these days that updates are important and that by updating we protect our systems from online threats such as zero-day-vulnerabilities, etc. But recently I started thinking about risks and benefits of installing updates.

So my question is what is more harmful for an average user:

A) Installing updates as they come out, or
B) Skipping updates?

Let's review my recent experiences. I personally deal with the following devices: Windows 7 desktops at work, iPhone and iPad for personal use.

Nov, 2015: After installing Windows 7 updates that came out on that "update Tuesday", Microsoft Outlook Office Home and Business 2010 started crashing sporadically while opening some emails. The problem could be reproduced on all Windows 7 workstations involved in our office. As it later turned out, Outlook, being one of the central applications used for business, was almost incapacitated for about a day by KB3097877. The issue was resolved the next day by uninstalling KB3097877.

Earlier, 2015: After updating from iOS8 to iOS9 on my iPad, I lost the ability to play video podcasts via full screen, as well as to fast-forward using the Apple Podcast app. The issue is still not resolved today.

Earlier, 2015: After upgrading iOS on my iPhone I lost convenience of familiar buttons in the music app in favor of Apple Music, that is totally useless to me. The issue is still not resolved today.

Earlier, 2015: By updating to Windows 10, (one of the people I know) lost the ability to use his Windows Media Center application.


Now let's see, what else happened.

Have we ever gotten a virus or a malware on our Windows 7 desktops at work? Nope. Not a single one for the last 5 or so years that Win7 was out. We don't pay for antivirus. We use Microsoft's Security Essentials. All computers have GPOs installed with white-listing of applications that are allowed to run. The default web browser, IE, is configured not to play Flash, and most of its plug-ins are disabled. PDFs are opened via Google Chrome browser. All employees are instructed not to open emails with attachments or click links in the emails.

I have never gotten a virus on my iPhone or iPad.

So what is the chance that a zero-day vulnerability will affect an average Joe vs. the inconvenience, lost time, and monetary cost involved in fixing damages caused by updates? Does the former really outweigh the latter?

I have AVG CloudCare (free with my new computer, 8 months old - I will get something different soon). I got a big black window warning of a MSIL trojan which was neutered. I think that if I did not have the antivirus on I could have been in trouble.

I have had trouble, once, immediately after installing a Windows update, about 2 months ago. But I don't think I want to skip them, nor go without malware protection. I'm too cautious.

You should ALWAYS download important "security related" updates , i don't think anyone would disagree with that .

As for other updates like recommend and optional thats up to you but recommend can also be important . Win 10 stuff has made people think twice about that though.

jonnyhillow said:

You should ALWAYS download important "security related" updates , i don't think anyone would disagree with that.

Actually, Woody Leonhard, who carved out a niche for himself keeping watch on bad Windows Updates, disagrees with that. He says that some of the worst WU disasters have been with "security" updates. That's the whole point of his MS-DEFCON warning system.

He doesn't say you shouldn't install them. Just that you shouldn't do so right away, but wait for his green light (depending on your situation), which he gives (or not) after feedback from users (and his own research).

Basically, right now, he says there's no clear-cut option. You're caught between a rock and a hard place. The old days of blindingly trusting Microsoft are gone (for now).

His last two MS-DEFCON advisories are here and here. He has just warned about a catastrophic "security" update which broke Outlook and access to the network, yesterday or the day before. MS silently issued a patch to the patch a few hours later, but as if to confuse everybody, it had the same KB number. And some users still report it breaks their systems.

Thanks, guys. What I'm saying is that for the last 5 years or so, I had to fix or sustain damage caused by multiple updates (that would either break stuff or take away features) while I had no damage that was caused by viruses or malware. That's all that I'm saying.

As for effectiveness of AVPs, they are ALL useless. The difference is in marketing and customer service. As for their effectiveness, then they have about 60% "catch rate" for older malware and almost 0% for new malware. And if you go with the free ones (like AVG and such) they harvest your data for their "whatever" purposes. (Mostly to sell to advertisers to recoup the cost of "free" AVP.) So, my answer to that is, "No, thank you!"

Clairvaux said:

jonnyhillow said:

You should ALWAYS download important "security related" updates , i don't think anyone would disagree with that.

Actually, Woody Leonhard, who carved out a niche for himself keeping watch on bad Windows Updates, disagrees with that. He says that some of the worst WU disasters have been with "security" updates. That's the whole point of his MS-DEFCON warning system.

He doesn't say you shouldn't install them. Just that you shouldn't do so right away, but wait for his green light (depending on your situation), which he gives (or not) after feedback from users (and his own research).

Basically, right now, he says there's no clear-cut option. You're caught between a rock and a hard place. The old days of blindingly trusting Microsoft are gone (for now).

His last two MS-DEFCON advisories are here and here. He has just warned about a catastrophic "security" update which broke Outlook and access to the network, yesterday or the day before. MS silently issued a patch to the patch a few hours later, but as if to confuse everybody, it had the same KB number. And some users still report it breaks their systems.

OK, i see what your talking about, that has never happened to me or anyone i know but never say never.

I still would never advise against installing important security updates to anybody , if they want to wait thats up to them as it's their computer .

When i first started with computers it was always pounded into my head to install all important windows updates immediately and this was told to me by Shane . the owner of PC Win tech and Tweaking.com , Wilder's security forum helpers and mods , two separate moderators at Gizmo's freeware , Chaslang from Majorgeek's , Geeks to Go malware and tech support and quite a few people at Bleeping Computer .

This was of course before what you linked to but again mishaps can happen at anytime , do i feel people should skip installing patches for serious security vulnerabilities and wait it out , i do not , if people feel differently i understand and respect their opinion.

I don't doubt some windows users have problems with updates but there is also a ton of people who have not experienced any issues at all .

Thanks for your links and comments .

dc2000 said:

We use Microsoft's Security Essentials.

That's what I used to do for a long time, following widespread advice. Then, a few weeks ago, because I had to reinstall, I did some fresh research, and realised that MSE got catastrophic results from several reputable anti-virus benchmarks, to the point that Microsoft had asked them to please not rate it anymore against its competitors. However...

dc2000 said:

All computers have GPOs installed with white-listing of applications that are allowed to run.

Might not that be the main reason why...

dc2000 said:

Have we ever gotten a virus or a malware on our Windows 7 desktops at work? Nope. Not a single one for the last 5 or so years that Win7 was out.

Whitelisting applications seems a pretty radical method to me. Not saying that it's wrong in your case, but isn't that an approach best suited to corporate environments ? The individual user, especially if he's a geek always experimenting with software, cannot do that. And Windows 7 Home Premium doesn't have Group policy anyway.

That being said, modern free anti-virus has to be taken with a grain of salt. I have installed Avast, and, regardless of the core qualities of the product (which scores very well in specialised benchmarks), you need to keep a healthy dose of disbelief when it throws certain alarming warnings at you : YOUR COMPUTER IS SLOW ! WE'VE DISCOVERED 237 USELESS PIECES OF SOFTWARE ON IT ! CLICK HERE NOW TO GET RID OF THEM ! That, on a squeaky clean fresh install of Windows. Of course, that's how they can bully you to opt into the the paying version, whose extra "features" seem rather useless to me.

Having your own anti-virus using malware developers' methods against you is unsettling, to say the least.

However, the scale and nastiness of the malware industry is vastly bigger than what it was one or two decades ago, and having read Microsoft's Security Essentials comically bad benchmark reports, I don't feel safe anymore trusting my PC to it.

Clairvaux said:

dc2000 said:

We use Microsoft's Security Essentials.

That's what I used to do for a long time, following widespread advice. Then, a few weeks ago, because I had to reinstall, I did some fresh research, and realised that MSE got catastrophic results from several reputable anti-virus benchmarks, to the point that Microsoft had asked them to please not rate it anymore against its competitors. However...

dc2000 said:

All computers have GPOs installed with white-listing of applications that are allowed to run.

Might not that be the main reason why...

dc2000 said:

Have we ever gotten a virus or a malware on our Windows 7 desktops at work? Nope. Not a single one for the last 5 or so years that Win7 was out.

Whitelisting applications seems a pretty radical method to me. Not saying that it's wrong in your case, but isn't that an approach best suited to corporate environments ? The individual user, especially if he's a geek always experimenting with software, cannot do that. And Windows 7 Home Premium doesn't have Group policy anyway.

That being said, modern free anti-virus has to be taken with a grain of salt. I have installed Avast, and, regardless of the core qualities of the product (which scores very well in specialised benchmarks), you need to keep a healthy dose of disbelief when it throws certain alarming warnings at you : YOUR COMPUTER IS SLOW ! WE'VE DISCOVERED 237 USELESS PIECES OF SOFTWARE ON IT ! CLICK HERE NOW TO GET RID OF THEM ! That, on a squeaky clean fresh install of Windows. Of course, that's how they can bully you to opt into the the paying version, whose extra "features" seem rather useless to me.

Having your own anti-virus using malware developers' methods against you is unsettling, to say the least.

However, the scale and nastiness of the malware industry is vastly bigger than what it was one or two decades ago, and having read Microsoft's Security Essentials comically bad benchmark reports, I don't feel safe anymore trusting my PC to it.

Wow, i am not used to hearing that , all i have heard over the years is how great MSE is , good to know thanks.

Many are claiming the new Defender for Win 10 is superior but when asked why i have not received responses.