A real Sophie's choice: have your data stolen by hackers because you're vulnerable, or have your data deleted by the patches that secure your system!

The former is blown out of proportion because the vast majority of vulnerabilities are only locally exploitable, and the rest is mostly "visit shady site in IE with default settings" with a tiny bit of "hackers can own your system if you connect it directly to the Internet and don't do anything other than leave it on." My thoughts on the above are, respectively, "meh", "why would you use IE with default settings" , and "yes I definitely need this fixed." Unfortunately Win10 doesn't give you that choice.

So you pick "have my data and identity stolen" over "my computer occasionally restarts itself while I'm asleep". Alright, good luck!

You missed the very true point they made about overstated vulnerabilities. The odds of actually having your data compromised due to not updating for a few weeks or even months, is low. Particularly if your browsing and computer usage doesn't involve downloading dodgy software and browsing to shady unfamiliar websites, and you're at least half aware of sensible computer use, password and login use.

This is hubris incarnate, the seatbelt argument all over again.

Poor analogy, and typical of the deferred-update paranoia crowd, thinking the worst and feeling exposed because Microsoft says you are in "critical danger".

A better analogy: You should keep your bicycle helmet on in the shower due to the slippery tiles and statistics of shower-related head injuries.

Or this...

Believe it or not, when you leave home without your umbrella, it may not rain. You know this, but you take your umbrella anyway. I choose not to.

The analogy was more than apt: a car crash is devastating, as is losing your identity, it's more likely than people tend to think, and the cost of protecting yourself against this devastating thing is relatively low.

If anything, the umbrella analogy wasn't great, because getting wet is a consequence of forgetting your umbrella, and that's far from as devastating as having your identity stolen. Further, you getting wet doesn't create a negative network effect like having your computer hacked does by adding your computer to a nefarious botnet.

This isn't Reddit, you can agree that the comparison was solid, but that the conclusion was still wrong. No need to go into Internet argument mode; we can have a discussion. For example, your helmet analogy in the bathtub is a decent one, except for the fact that it costs way more than running an update does to keep you safe.

Are you critically vulnerable all the time? No. Are you better equipped than Microsoft to judge which updates are important and which aren't? No. It's, as I said, the definition of hubris to think otherwise.

If you don't like how Windows does updates, don't use Windows -- lots of other great options.

Besides, the cost is absurdly low to keep yourself safe. If you're making the choice to run an un-updated Windows machine that's connected to the Internet, you are driving without a seatbelt, and not only are you literally risking your own livelihood, but you're also putting others at risk.

Try disengaging "worst case scenario" mode. You argument is hinged on seat belt catastrophe, loss of livelihood, identity theft, botnets, and general worst case computer doom.

Losing your livelihood because you didn't update Windows in a timely manner? That's beyond a joke. Besides, Anti-virus software would do a better job of preventing these worst case events.

The reason people have their identities stolen or computers hacked is mainly because of human error. People open attachments; people fail to identify scam emails and start engaging with criminals; people enter information willingly on websites they shouldn't, people put USB drives they find on the ground into their computers; people do dumb things and no "critical security update" is going to stop that.

Yes, forgetting your umbrella results in getting wet. Running with your logic, we need to extend the analogy. The rain gets on your watch causing it to malfunction and tells the wrong time, so you miss your train. You turn up late to the interview, you don't get the job, you can't pay the rent, you get kicked out, you're now homeless and living on the street. Really should have taken that umbrella.

It's not a joke, ransomware for example is real, and it's a huge problem. If you know anything about security you know that ransomware is on the rise and it's getting worse each year.

Malware infecting an insecure computer is not a "worst case scenario", this happens to millions of computers each year.

"Only" 6 million car accidents happen per year in the US, even though there were ~10 billion car trips over that same set of people and area, which makes the incidence rate 0.06%, so why bother with a seatbelt? It's "beyond a joke" to think you're going to get into an accident today!

This isn't a debate; keeping your system up to date is, by far, the best way to stay safe from a real threat. You can pretend it's not there all you want, but the rest of us are going to take care, and would appreciate if you didn't contribute to the sea of botnets. You make everyone less safe.

> This isn't a debate

Be advised that you don't get to decide on whether this is or isn't a debate. You are attempting to re-frame the debate to suit your precarious position.

This debate as specified in the parent discussions, is about Microsoft enforcing updates on people without choice. This causes annoyance and even loss of work. The top comment describes Windows as an "an update engine that will sometimes also do computation for you". This is a significant and legitimate criticism that trumps your arm-flailing about malware (which as I said would be better defended with virus protection).

As the parent poster said, many of the vulnerabilities discovered are exploitable only locally, or under very specific and rare circumstances, yet are still flagged as "critical" and bundled with user interface updates.

Then you rode in on your horse, citing car accidents and seat belts, which really doesn't help in the context of having control over when system updates are performed. Nobody said "never update". It's about control over when those updates happen.

> ...but the rest of us are going to take care, and would appreciate if you didn't contribute to...

You're having a hard enough time speaking for yourself, please don't branch out to speaking for others.

Are they security patches, though? The difference between a critical safety update and the update that adds new things to Candy Crush is imperceptible to the casual user who just wants to get work done and will foster an unfair distrust of the important need for these updates. Additionally, the implementation is frustrating and buggy.

If someone updated OpenSSL from an insecure version on my machine, I'd probably never notice.

I hear you, but your claim that Windows Update is "frustrating and buggy" just doesn't mesh with my experience, so it's hard to relate to your concern. I don't think I've ever noticed Windows update running, except for the once-a-month or so times I've come back to my computer and it's been restarted. Hardly "buggy" or "frustrating".

Admittedly I don't think all Microsoft updates that get pushed out are security patches, but there are a lot of configuration options that give me control of how and when updates get applied. I find it hard to understand what the situation is that these controls aren't enough to work around any potential "critical" timeframe I might have.

Besides, for important stuff that must be up all the time, everyone knows by now that *nix is the way to go, right? This is not anywhere remotely new. Running Windows is implicitly trading off 100% availability for... whatever else Windows offers (gaming compatibility, for me).

My frustration with a personal PC is just turning one on the morning after doing updates and having to wait an hour before I could go back to work.

For silly reasons, though, I've had to update a lot of OEM Windows Home installations to new. Something like Ubuntu would have been better if starting from scratch but there was a lot of work to move the codebase to that once Windows stopped being something you could trust to turn on when you wanted it to turn on and turn off when you wanted it to turn off.

Anyway, this led to days of non-deterministic updating where sometimes it would fail to find the new updates until after I left, sometimes it would fail to install an update, and sometimes it would boot-loop. But always it would take longer than installing a new Linux distribution from scratch.

Now this is all anecdotal but even an installation-and-update cycle that goes well takes too long - seemingly because Windows has now mixed the worst DRM implications of SaaS and proprietary SaaP for most of its genuine customers. When I see people talking about how updates can be made to work as one would expect them to work with just a few steps (which seem to change following every major release), I'm reminded of playing with shakier Linux and FreeBSD desktop distributions as a teen. Now Ubuntu is the OS that 'just works'.

My frustration about this largely comes from any complaints about the implementation being lumped in the 'ignore' bin with the Luddites who don't care about the security at all. My very proprietary Chromebook updates painlessly.

I get all that, but your last line resonates most with me.

> My very proprietary Chromebook updates painlessly.

This is how my experience is with Windows. It's painless. Zero issues. It operates exactly as I expect, and I have no problems.

Besides, running Linux distros came with the veritable cavalcade of revolving "Why won't this basic thing work?" -> "Maybe this forum post from 3 years ago will help" -> "Okay now my mouse won't move." -> "Better reinstall the OS to get things working again" -> "Why won't this basic thing work?" and so on. Ubuntu is probably, to me, the experience you feel you're having with Windows.

Linux desktops feel like a hobby unto themselves, which may be fine for some, but is not what interests me.