Hacker Read top | best | new | newcomments | leaders | about | bookmarklet login

No, most people turned it off because they didn't want updates interrupting them. You are vastly overestimating who cares about "MS malware".


sort by: page size:

Its intentional. If people could easily turn off updates they would do that and the next critical vulnerability would cause millions or billions of damage because it can infect and then use all those private PCs to attack other systems and no sys admin is around to fix stuff. It would be a disaster and very bad PR for MS.

Not sure about millions but many do have update for Windows turned off, due to Microsoft's security-trust-destroying habit of deploying invasive and undesired non-security updates automatically.

Windows 10 especially has a nasty streak with updates, and while security updates are smart, forcing new content updates, advertisements, and spyware into the Tuesday fast track teaches users that the only way to be safe from Microsoft is to not take software from them automatically.


And the reason why people were suggesting to turn off Windows Update was precisely because of malware payloads directly from Microsoft.

"Do you want to upgrade to Windows 10? Press the hidden button to cancel, otherwise upgrade commences." This is how malware works.... But published and pushed by MS's own channels. And his jab at people who say that turning off WU is similar to anti-vaxxers is completely inane and false - we know the damage Microsoft has done to user's computers.

In reality, I'd rather they upgrade to Linux. Those machines wouldn't get bit by this, unless you run the executable with WINE. But I blame MS for being spammy and spyware-y and malware-y, which encouraged users to turn off harassing and onerous updates.


I do turn it off. Updates turn it back on. That is precisely the big deal.

Because many people can't fix it when that happens.

So they'll either infect their PC looking for a solution, or be told what they need, and how to do it.

By the way, updates are also linked to the Windows Store.


Microsoft is squarely to blame here. People would leave Windows update on if:

- it would not potentially brick their computer

- it would not install all kinds of spyware

- it would be a net benefit to the user

- it would not be used to further MS's business goals at the expense of the users

Telling people not to turn of Windows Update is putting the horse behind the cart: Tell Microsoft to start respecting their users, then tell people to turn on Windows update.

Fat chance of that happening though.


I don't think this is the reason why most people (non tech savvy) look to turning off Windows Update.

Most people don't know/care about Windows Update pushing features.

However most people DO care when their computers spontaneously reboot themselves with no warning (sometimes even in the middle of "active hours"!) which is what msft has set by default (and indeed has/had no UI to modify in some versions of Win10)


Well I guess that's business as usual on Windows if you turn off software updates. I don't think anybody should do that.

No. "Some of the blame"? Try "all of the blame." Windows Updates used to be pro-user. Now they're pro-Microsoft (pushing things Microsoft wants) and anti-user (routinely pushing 'features' no one wants or asked for).

I disabled it a long time ago and haven't looked back. Get back to me when MS starts remembering their customers are human beings again.


The reason for turning off updates is (I believe) rarely that one doesn't want important security updates. Just as Ubuntu servers have an option to automatically install critical security updates and for the rest you run `apt-get` when you want, the same should be available on windows.

Blaming the users is nice and easy, but Microsoft definitely deserves half of the blame (if not more).


It put "normal" into quotes because I specifically wanted to excluded anyone who is willing to tinker with the system risking to break things or simply lacks the knowledge how to do it or how to figure out.

I'm fully aware that there are countless ways to stop windows from updating. MS never attempted to make it super hard just hard enough so most of the people who absolutely should not turn it off are also unable to do so.


Well, generally I would agree, however on my desktop I can't recall the last time I got any malware (probably never since I bought it). So for me the choice is:

1. low risk of catching random malware (which so far is zero)

2. 100% chance of getting microsoft nagware

So yes, actually I consciously disabled windows update, because of the two, "get windows 10" is more annoying.

This is on my gaming PC though, so in the worst case I'll simply restore it from image and re-download games from Steam. So as I said, generally I do agree ;)


The comments are because Microsoft caused this problem in the first place - people want to turn off Windows Update, because Windows Update installs antifeatures too, and the only way to opt out of the antifeatures is to disable Windows Update.

In fact, there's a "run security updates only" option, which Microsoft provides, but which they deliberately and blatantly violated, by pushing their non-security updates through.

If Microsoft wants to stop this happening, then they need to provide a "security updates only" option, THAT ACTUALLY ONLY PROVIDES SECURITY UPDATES. This is not a hard concept.

"Turn off Windows Update" is indeed a suboptimal choice, like you say - what you should ACTUALLY be recommending to users, is to ditch Windows entirely if at all possible, and switch to an OS that is both secure and doesn't ship antifeatures.


Windows updates could be turned off back then. And often was

Because nothing that you're saying is relevant, given that point.

I disagree. Would an average user, the kind of person who is going to trust updates from Microsoft and leave them on by default and therefore wind up installing in this case in the first place, necessarily realise the significance of one extra confirmation dialog? People are notoriously blind to such messages, so I'd want to see exactly what that extra human intervention involved before making any judgement here.


You can disable it on Windows 7, though. That's the most important point.

If you adopted the policy of only installing security updates, which plenty of people did after GWX if not before, you didn't get that other junk anyway.

The way Microsoft have actively made it more difficult to install only security updates on older versions of Windows recently is yet another reason not to trust them with updates you can't control at all on newer versions. They brought this mistrust upon themselves by abusing their position deliberately and repeatedly, so I don't think anyone can blame the sceptics.

The really sad thing is the number of people, even here on HN where you'd expect to find relatively well-informed discussion, who completely miss the distinction between security updates and updates more generally when debating this issue. I mean, we are literally talking about an organisation that pushed out an entire new operating system via the update process, and they deliberately did so in such a way that many people now have that new OS and didn't necessarily want it or actively did not want it.


If Microsoft hadn't burned a decade's worth of "leave auto-updates on to keep your system safe!" public goodwill by force-feeding WIN10 BS to a massive number of people who did not want it, it's highly likely that this update would have been nearly unconditionally applied.

The default attitude of most people I've interacted with regarding technology is apathy. If it works, they're happy and they leave it alone.

Do you really think that a significant number of non-tech people would have gone to the trouble of looking up how to turn off updates to their facebook/email/google machine if Microsoft hadn't caused a massive shitstorm with their forced update BS?

The vendor is entirely at fault for making stupid short-sighted decisions that caused users to lose trust in the update process. No amount of handwaving can change that fact.


I'm sorry, they lose all credibility when they call forced updates "malware".

We spent the entirety of the late-90s/early 2000s complaining that MS didn't force updates on users, so these massive worms were infecting half the internet with exploits that were patched YEARS earlier.

It took moving a mountain to get MS to enforce patching of consumer systems, to sit here now and claim that's malware is both irresponsible and ridiculously short-sighted. Without mandatory patching, I can say without exaggeration that the entire internet would be less safe. Anyone spewing that nonsense is either too young to remember how horrible things were, or too stubborn to acknowledge it was the right thing to do whether they personally agree with it or not.


You control your computer, turn off updates, get malware, then come back and complain how M$ / Windows is crap. I really don't understand why so many people in this thread are actively complaining about not being able to turn off updates. It's like once a month and they give you advance notice and "pick a time"; you have a whole week to choose a good time to restart and apply some updates...

There are a ton of people who turn off updates because they just don't want to reboot (or just because they're incensed that Microsoft made updates opt-out). I have done multiple root cause analyses responding to incidents that have turned out to be out-of-date admin machines.
next

Legal | privacy