Time to turn off Windows Automatic Update and brace for impact

Credit to Author: Woody Leonhard| Date: Mon, 10 Sep 2018 06:19:00 -0700

August 2018 was a relatively innocuous patching month, although the final resolution to the August problems didn’t appear until late Friday night just as the month was coming to a close — on a three-day weekend in the US.

We’ve seen the same pattern repeat itself almost every month since the beginning of the year: The first round of Microsoft security patches (notably including Win10 patches) introduce bugs, while subsequent rounds of patches each month squash most of them. If we’re lucky.

Sometimes the fixes come in second or third cumulative updates. Sometimes they come in Monthly Rollup Previews — a heinous practice. In either case, a significant group of first-round patchers get hit. Their more cautious brethren sit and watch, listen to the screams of pain, and wait for the all-clear.

If you remain resolute in your belief that Microsoft’s way is the best way, then by all means, I urge you to install all of the updates as soon as they’re available. That way you can tell us what went wrong. Use your phone.

If you’re just a tad skittish — those who learn from the past aren’t doomed to repeat it, eh? — I recommend you turn off Automatic Updating, just for a while.

The methods for blocking Windows Update are pretty straightforward.

If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)” and click OK.

If you’re using Windows 10 Pro version 1703, 1709, or 1803, and Microsoft doesn’t change its mind again, you can use Windows’ built-in tools to hold off on the looming patches — just follow Steps 7 and 8 in 8 steps to install Windows 10 patches like a pro. Other Windows 10 users, including all Win10 Home owners, aren’t quite so lucky, but the general “metered connection” approach is detailed in Woody’s Win10Tip: Block forced Windows updates.

If you’re a Paranoid Pro, it’d be wise to use both the Update advanced options approach and the metered connection approach. You can never have too much protection.

To keep your machine on 1703 or 1709 — and avoid 1803, for the meantime — follow the detailed steps in How to block the Windows 10 April 2018 Update, version 1803, from installing. Yes, Microsoft has ignored those settings on some machines, but using all of the tricks — even setting Pro machines to metered connection — seems to block the forced march.

Microsoft has vowed that it will stop dishing out security patches for Win10 1703 next month — although it isn’t clear if the flow will stop with the first (buggy?) round of cumulative updates, or if the bugs will be bad enough that Microsoft will be shamed into releasing a second or third round of 1703 cumulative updates in October.

Those of us who are still using 1703 will have to decide next month whether we’re going to jump to 1709, 1803, or maybe even 1809. But that’s a decision for another day.

We’re at MS-DEFCON 2 on the AskWoody Lounge.

http://www.computerworld.com/category/security/index.rss