2

Disclaimer: This question originated the following one: Can the mandatory update policy in windows 10 generate momentum/oportunity risk?; With the purpose to divide one broad question in two specific ones, coincidentally originated due to the same policy. Thus, expecting quite different answers. Please, do read both questions before starting to scream "duplicate".

In order to analyse if I'll update all my computers working on windows I came across the the following setback.

I have the home versions of windows and by updating to windows 10, I'll receive the basic version. On which I'll loose total control of the updates that are installed.

The first problem that crosses my mind is "what if a bug is added to the system that messes up the startup? Or a security vulnerability is added to the system?"

In previous versions of Windows, I removed auto-updates for a reason. And furthermore I currently do not update the PC right after an update is released, I normally wait at least a week for feedback and bug fixes.

What will my exposure be to security issues and how can I avoid it?

Community
  • 1
CMPSoares
  • 145
  • 5
  • 1
    [How to temporarily prevent a Windows or driver update from reinstalling in Windows 10](https://support.microsoft.com/en-us/kb/3073930) a tool from Microsoft – Moab Aug 02 '15 at 01:32
  • Thank you @Moab but this doesn't fix my momentum risk. I.e. update causing issues close to the deu date of an academic project. – CMPSoares Aug 02 '15 at 11:39
  • You can avoid all this by stopping updates, just because the web says you can't means nothing, there has always been many ways to disable the update system , via the service, or via using the windows own firewall even, or even by altering a few things. The web was presenting some of the change information from the other system, where a simple GUI button was changed, It really has little to do with the methods that more assuredly stopped the updates from continuing. Programs, services, web connections, they are still there. – Psycogeek Aug 05 '15 at 04:14

1 Answers1

3

Security updates achieve 2 things: 1. They fix vulnerabilities, usually previously unknown. 2. They make every attacker aware of what the vulnerability is.

Releasing a patch makes unpatched systems less secure. A patch might add a new unknown vulnerability, which might be exploited. But by not installing a patch you decide to keep a known vulnerability, which will be exploited.

You can block updates even with the Home version in various ways, for example with a firewall.

Peter
  • 4,552
  • 5
  • 28
  • 33
  • Thanks for the answer but that's not what I'm asking @Peter. I'm worried with momentum risk, not being able to control when the update is most convenient to me. I clarified this matter in my question. – CMPSoares Aug 02 '15 at 00:38
  • How com I block or manage updates with a firewall? It is the core of question, please specify these methods to block updates. – CMPSoares Aug 02 '15 at 11:32
  • @CMPSoares The title of your question only asks about security issues. the body of the question also asks about security. You may want to edit that. There is always a risk that an update messes up your installation and you need to load a restore point, wasting 15 minutes in the process. Here's a list of the domains you want to block: http://serverfault.com/questions/82981/best-way-to-block-windows-workstations-from-receiving-microsoft-updates, or you could try to block wuauclt.exe – Peter Aug 02 '15 at 15:08
  • You're right I will separate my question in two more precise ones tomorrow. – CMPSoares Aug 03 '15 at 01:08
  • Hey @Peter I updated my question separating it in to two questions. To make each more specific. – CMPSoares Aug 05 '15 at 00:01