Most Users Don't Use Windows Update Properly: Report
A new report suggests that many users who use the Windows Update feature to automatically download and install the latest security patches from Microsoft do not have an up-to-date operating system.
Windows Update gives users two options: manual and automatic updates. With the manual option, users must initiate security downloads themselves, which can be carried out when it's most convenient. On the other hand, the automatic option alerts users to necessary updates and begins the download and installation process without requiring user input.
Most Windows Users Delay Automatic Updates
The report, entitled "Market Share Analysis of Antivirus and Operating Systems," comes from California-based software company OPSWAT; it suggests that even with automatic updates enabled, many users aren't updating their systems immediately. The study is based on the activity of 4,500 people who use the OPSWAT GEARS security monitoring system, and was carried out between May and October 2014.
The study suggests that an overwhelming percentage of Windows users -- approximately 89 per cent -- have automatic updates enabled. However, only about one in three of those users are actually running fully up-to-date operating systems. (Source: prweb.com)
OPSWAT says the problem is that many people constantly delay the security update process because they don't want to lose access -- even temporarily -- to their computers. "This could indicate that when most users see a notification for an update, they are reluctant to shut down their devices to go through the complete update process," OPSWAT said in its report. (Source: pcworld.com)
Automatic Updates Delayed for Days
Most Windows security updates require a user perform a system restart in order to complete the changes. One could conceivably delay the restart for up to three days, at which point Windows forces the system to carry out the process.
But OPSWAT insists that's a dangerous approach because many online attacks take advantage of systems that haven't installed the latest security patches. While zero-day exploits make big headlines, in most cases malware attacks focus on security vulnerabilities that have been known for some time. Failing to immediately update a system's security defenses leaves it vulnerable to these kinds of attacks.
What's Your Opinion?
Do you have automatic security updates enabled on your Windows OS? Do you always allow those automatic updates to immediately download and install? If not, what's your reason for delaying? Do you think Microsoft should take a different approach to automatic updates?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Smart users wait a few days
Smarts users will wait a few days and check if any of the updates from Patch Tuesday have caused serious issues. The chances of a Windows patch breaking something to the point that the user can't even boot or BSOD (blue screens) is far higher than the probability of being compromised by a zero day in the three days after Patch Tuesday.
In fact, most vulnerabilities require the user to run as admin or click on a link in a strange email, things a smart user is not going to do.
Disk images are better protection
If it's mission critical, the operating system (OS) should be backed up using disk images on a daily basis, and the user data separated from the OS. If a patch fails, you can always revert the operating system (partition) using an image backup.
Considering the number of patches that are distributed by Microsoft, it's relatively rare for a patch to cause a blue screen. But when it happens, it's a nightmare because most people are not properly prepared for disaster recovery.
As for email and malicious links being one of the main reasons for malware infection - that may true, but there are many other attack methods being employed, such as: malware advertisements, purposeful downloads, drive-by downloads, browser exploits, etc, that could just as easily infect a system.
Two reasons for delay
I have my system set up to notify me of new patches, but not to download or install them. I wait to install the patches for two reasons:
1) I subscribe to Windows Secrets and Susan Bradley has a column after every Patch Tuesday listing the patches, their severity, and whether or not it is better to install them immediately or wait awhile.
2) I use a WiFi hot spot at work to connect with my personal PC, since we can't use the corporate link to access personal e-mail or a bunch of other sites that the company has deemed to be "unacceptable." The hotspot has a 5GB limit or my bill goes up. When I switched to a Windows 8 laptop, I immediately started over-running my limit. This was mainly due to the updates to the "live tiles" in Windows 8, but also due to the automatic updates which were enabled when I got the machine. After setting my WiFi link as a "Metered Connection" and saving my Windows Updated until I am on my home network, my utilization dropped back down under the 5GB per month limit.
WIndows secrets
Ditto item 1
I also use several other tools to let me know and possibly update other things in the system, such as Secunia PSI or CNET download. Note that I usually download and install the software myself, so that I can say "no" to the other software baggage that many apps are famous for.
Adobe reader can check for updates, Flashplayer has http://helpx.adobe.com/flash-player.html to check,
Automated Windows Updates
I usually wait till Windows notifies me in my system tray. It's just prudent to wait and see if there are any bad updates, even though I make regular backups too. Thank God for that. The last update trashed my computer, even though endorsed by Kim Komando. I'd been screwed without my backup.
Update
I also read Windows Secrets and follow Susan Bradley's advice (mostly) by waiting on the patches she says are likely to cause a problem. However, I DO download the patches and install them as soon as I (and she) think it prudent. While I agree that MOST people should do automatic updates and let them ALL go through as soon as available, more advanced and "power users" can and should do it on their own timetable. I'd venture to guess that Dave doesn't automatically let them install wthout his intervention or at least his supervision.
I always update when they become available
If by "Dave" you mean "Dennis" (me), then the answer is: I have the updates set to automatically download install for a number of reasons. The only intervention I have with my updates are a request for reboot after they have installed -- but sometimes the system will reboot itself.
I choose to have my updates automatically installed because I'm confident in my disaster recovery system (disk images), which backup my operating system every day on external media; I also choose to automatically update because I'm confident that the updates won't break my system. It's statistically rare that it happens.
If you don't have this type of backup protection in place and you want to risk a possible malware infection as you're waiting for others to "give the OK" -- then by all means, wait and see, and pray you don't get infected by malware the next time you visit a website.
For what it's worth, all those updates you choose not to install will eventually become installed if and when you run the next service pack update.
Anyone that needs help in setting up disaster recovery on their systems is welcome to contact me using the contact page (http://www.infopackets.com/contact) or by using the chat system on the bottom left of the screen.