With Patch Tuesday imminent, get Windows Update locked down

Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right now; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

It’s been like that for years. Don’t believe it? Computerworld has month-by-month details for the past three years starting here.

Meanwhile, the raging zero-days — the patches that are released with known in-the-wild exploits — make for great headlines. But they rarely, if ever, find their way into working exploits right away. It takes months, or even years, for new exploits to appear in malware that affects you and me. 

If you’re working with nuclear launch codes or top secret government communication, it’s another story of course. But for normal people, the threat from bad patches greatly exceeds the threat from freshly patched security holes.

To be sure, you have to get patched eventually. Some systems at high risk (for example, Windows DNS Servers two months ago) need to be patched right away. But for the vast majority of Windows users, waiting a couple of weeks to get the latest patches applied doesn’t hurt a bit — and it gives Microsoft a chance to fix the bugs they invariably introduce.

If you don’t do anything, you get to beta test the patches as soon as they come out. But if you temporarily pause updating — using a setting first introduced in Win10 version 1903 — you can sit back and watch as the pioneers take one for the team.

Blocking automatic update on Win7 and 8.1

Copyright © 2020 IDG Communications, Inc.