I've always had it drummed into me that I should keep Windows updated since the Windows 98SE days, but I am getting increasingly annoyed (or more accurately royally pissed off) with updates on Windows 10 Home. I have an unmetered internet connection with truly unlimited downloads (my ISP doesn't operate an idiotic/misleading "fair usage policy"), but I still have Windows 10 set to metered to give me some measure of control over updates. This way updates (and restarts) aren't forced on me, which is a great improvement over the default setup. The wushowhide utility also gives a little more control over updates, but despite both of these features, I still have MAJOR issues with Windows Update.
Windows updates are way too large and take far too long. Even if they install successfully (which isn't always the case by any means) they can take 30, 60, 90 or more minutes to install, but the last two updates were over 200 MB and both failed. One has failed three times in a row. Any update that takes more than 5 or 10 minutes to install is far too big in my book. I have things to do on my computer and waiting for ridiculously large Windows updates to install isn't one of them (not to mention restarts, sometimes multiple restarts). I'd like to only install security updates and bug fixes, but Windows Update doesn't currently give users that option, BUT IT SHOULD. In fact it gives precious little information about what any update actually contains or does. The installation progress indicators (if they're even present) are next to useless because they're not accurate and totally misleading and I'm thoroughly sick of that ever-present idiotic spinning circle and spectacularly unhelpful error messages like "Some update files are missing or have problems". Well, which update files? How do I install them? And if existing update files are corrupted, how do I fix them? That would actually be useful information. But the error messages go from the totally unhelpful to the totally cryptic such as 0x80073712. Because everyone knows what that means, right? (And yes I did Google that error code, but of all the suggested fixes, none of them worked). Who designed this update mechanism? Are they completely retarded?
Plus are Windows updates even necessary considering my setup?
I can keep Defender updated by right-clicking on its icon in the systray and selecting "Check for protection updates". This means I can update Defender without having to even open Windows Update.
I don't have Silverlight, Java, Adobe Reader or Microsoft Office installed (I do have Foxit Reader and LibreOffice). I do have Flash installed (because it comes with Windows 10 and I can't work out how to uninstall it), but everything is blocked from interacting with Flash (via the Control Panel settings) and Flash isn't activated in Firefox or Edge. I'm not sure if not installing Flash updates would be a security risk in my case or not. If it is a risk, could malware be installed on my computer without my consent considering I have UAC enabled and set to maximum?
I have several layers of defence/privacy when online:
- Windows Firewall is activated (by default)
- I keep Windows Defender updated with real-time protection and cloud protection (Defender may not score as well as 3rd-party anti-malware solutions, but it keeps out of my way and doesn't bug me with endless notifications which suits me just fine. I've tried many different anti-virus/anti-malware products over the years and they're all a PITA, mainly because they present me with what may or may not be false positives and I have no way of knowing one way or the other if they are or not. I don't have that problem with Defender. Plus 3rd-party anti-malware solutions come with a lot of additional features/bloat that I don't need or want)
- I use MalwareBytes free version as a standalone malware scanner
- I have UAC set to the highest setting
- All built-in anti-exploit features like DEP and ASLR are enabled
- Built-in anti-ransomware is enabled
- I use NoVirusThanks OSArmor (default settings), which provides additional exploit protection
- I only ever install software from the manufacturer's website. I always scan software with Defender, MalwareBytes and VirusTotal before installing (and if a checksum is provided I check that too). I never click on dodgy ads because I never see them in the first place thanks to uBlock Origin and I never click on links in dodgy emails (all are automatically sent direct to my spam folder anyway and I just delete them without reading them -- my email reader is set up to not display images from emails unless I specifically allow them on a per-email basis)
- I use Firefox with uBlock Origin with all the filters enabled plus I added the NoCoin filter (uBlock Origin blocks all ads and protects me from malvertising, malware sites, scam sites, phishing sites, etc; it blocks trackers including social media trackers and blocks cryptomining sites)
- I use Firefox with HTTPS Everywhere
- I use Firefox with 3rd-party cookies blocked; it's set to block pop-up windows and to warn me if sites try to install add-ons; location, camera and microphone are blocked (the camera and mic are also covered with black tape to be on the safe side)
- I use Firefox with first-party isolation enabled through about:config (this means that only first-party sites that place cookies and other tracking information on my computer can read them -- this feature was adopted by mainstream Firefox from the Tor browser; I regularly delete all History)
So considering all these layers of protection I have (and a bit of common sense on my part), even if I didn't update Windows 10 would I really be at any risk? I've read about fileless malware, but that's a misnomer as far as I can tell. Is there truly any malware that can get on someone's system without someone actually double-clicking on an installable file and letting it through UAC? Or by clicking on a link in a dodgy email? In other words, can malware get on a user's system without the user LETTING it on the system, either intentionally or unintentionally?
Windows Updates have cost me hours and hours of time (either installing updates that do install or trying to install updates that don't install and then having to fix the mess afterwards) and at this stage I'm considering giving up on Windows updates altogether. At this stage I consider Windows Update as bad as, or worse than, any malware I've ever encountered in terms of consuming hours and hours of my time.
I have Macrium Reflect and if I do get some malware that Defender or MalwareBytes can't remove, I could just re-image the entire hard drive in about an hour or so, which is faster than many Windows updates take.
I also use VirtualBox and I run XP on it and have several programs installed that for one reason or another won't run on Windows 10. I run XP in VirtualBox without internet access for obvious reasons. I've saved XP (and all the installed programs) as an OVA file and resintalling an OVA file only takes about 5-10 minutes in VirtuaBox -- even faster than a drive image reinstall.
I am thoroughly sick of Windows Update at present. The entire update mechanism is extremely badly designed and the updates need to be far smaller so they install far quicker than they do at present.
Does anyone else feel the same about Windows Updates?
And am I at any real risk if I don't update Windows? If so, what are the risks? And is there any way I can better harden my system against any threats without updating Windows?
An ideal solution would be some security software I can install that makes it impossible for me or for any malware to make any changes to my computer. A simple switch that blocks all changes would prevent all malware, even zero-day malware. If I need to install some software, I could temporarily disable the security software, make any changes I need, then re-activate the block. Ideally the software would allow me to save files and browser bookmarks to a separate partition that isn't affected by the block.
Does anyone know if such software exists? (DeepFreeze and RebootRestore Rx are kinda what I'm after, but not exactly. Also, Sandboxie is also kinda what I'm after, but I want something that works system-wide, not just for specific programs).
Windows updates are way too large and take far too long. Even if they install successfully (which isn't always the case by any means) they can take 30, 60, 90 or more minutes to install, but the last two updates were over 200 MB and both failed. One has failed three times in a row. Any update that takes more than 5 or 10 minutes to install is far too big in my book. I have things to do on my computer and waiting for ridiculously large Windows updates to install isn't one of them (not to mention restarts, sometimes multiple restarts). I'd like to only install security updates and bug fixes, but Windows Update doesn't currently give users that option, BUT IT SHOULD. In fact it gives precious little information about what any update actually contains or does. The installation progress indicators (if they're even present) are next to useless because they're not accurate and totally misleading and I'm thoroughly sick of that ever-present idiotic spinning circle and spectacularly unhelpful error messages like "Some update files are missing or have problems". Well, which update files? How do I install them? And if existing update files are corrupted, how do I fix them? That would actually be useful information. But the error messages go from the totally unhelpful to the totally cryptic such as 0x80073712. Because everyone knows what that means, right? (And yes I did Google that error code, but of all the suggested fixes, none of them worked). Who designed this update mechanism? Are they completely retarded?
Plus are Windows updates even necessary considering my setup?
I can keep Defender updated by right-clicking on its icon in the systray and selecting "Check for protection updates". This means I can update Defender without having to even open Windows Update.
I don't have Silverlight, Java, Adobe Reader or Microsoft Office installed (I do have Foxit Reader and LibreOffice). I do have Flash installed (because it comes with Windows 10 and I can't work out how to uninstall it), but everything is blocked from interacting with Flash (via the Control Panel settings) and Flash isn't activated in Firefox or Edge. I'm not sure if not installing Flash updates would be a security risk in my case or not. If it is a risk, could malware be installed on my computer without my consent considering I have UAC enabled and set to maximum?
I have several layers of defence/privacy when online:
- Windows Firewall is activated (by default)
- I keep Windows Defender updated with real-time protection and cloud protection (Defender may not score as well as 3rd-party anti-malware solutions, but it keeps out of my way and doesn't bug me with endless notifications which suits me just fine. I've tried many different anti-virus/anti-malware products over the years and they're all a PITA, mainly because they present me with what may or may not be false positives and I have no way of knowing one way or the other if they are or not. I don't have that problem with Defender. Plus 3rd-party anti-malware solutions come with a lot of additional features/bloat that I don't need or want)
- I use MalwareBytes free version as a standalone malware scanner
- I have UAC set to the highest setting
- All built-in anti-exploit features like DEP and ASLR are enabled
- Built-in anti-ransomware is enabled
- I use NoVirusThanks OSArmor (default settings), which provides additional exploit protection
- I only ever install software from the manufacturer's website. I always scan software with Defender, MalwareBytes and VirusTotal before installing (and if a checksum is provided I check that too). I never click on dodgy ads because I never see them in the first place thanks to uBlock Origin and I never click on links in dodgy emails (all are automatically sent direct to my spam folder anyway and I just delete them without reading them -- my email reader is set up to not display images from emails unless I specifically allow them on a per-email basis)
- I use Firefox with uBlock Origin with all the filters enabled plus I added the NoCoin filter (uBlock Origin blocks all ads and protects me from malvertising, malware sites, scam sites, phishing sites, etc; it blocks trackers including social media trackers and blocks cryptomining sites)
- I use Firefox with HTTPS Everywhere
- I use Firefox with 3rd-party cookies blocked; it's set to block pop-up windows and to warn me if sites try to install add-ons; location, camera and microphone are blocked (the camera and mic are also covered with black tape to be on the safe side)
- I use Firefox with first-party isolation enabled through about:config (this means that only first-party sites that place cookies and other tracking information on my computer can read them -- this feature was adopted by mainstream Firefox from the Tor browser; I regularly delete all History)
So considering all these layers of protection I have (and a bit of common sense on my part), even if I didn't update Windows 10 would I really be at any risk? I've read about fileless malware, but that's a misnomer as far as I can tell. Is there truly any malware that can get on someone's system without someone actually double-clicking on an installable file and letting it through UAC? Or by clicking on a link in a dodgy email? In other words, can malware get on a user's system without the user LETTING it on the system, either intentionally or unintentionally?
Windows Updates have cost me hours and hours of time (either installing updates that do install or trying to install updates that don't install and then having to fix the mess afterwards) and at this stage I'm considering giving up on Windows updates altogether. At this stage I consider Windows Update as bad as, or worse than, any malware I've ever encountered in terms of consuming hours and hours of my time.
I have Macrium Reflect and if I do get some malware that Defender or MalwareBytes can't remove, I could just re-image the entire hard drive in about an hour or so, which is faster than many Windows updates take.
I also use VirtualBox and I run XP on it and have several programs installed that for one reason or another won't run on Windows 10. I run XP in VirtualBox without internet access for obvious reasons. I've saved XP (and all the installed programs) as an OVA file and resintalling an OVA file only takes about 5-10 minutes in VirtuaBox -- even faster than a drive image reinstall.
I am thoroughly sick of Windows Update at present. The entire update mechanism is extremely badly designed and the updates need to be far smaller so they install far quicker than they do at present.
Does anyone else feel the same about Windows Updates?
And am I at any real risk if I don't update Windows? If so, what are the risks? And is there any way I can better harden my system against any threats without updating Windows?
An ideal solution would be some security software I can install that makes it impossible for me or for any malware to make any changes to my computer. A simple switch that blocks all changes would prevent all malware, even zero-day malware. If I need to install some software, I could temporarily disable the security software, make any changes I need, then re-activate the block. Ideally the software would allow me to save files and browser bookmarks to a separate partition that isn't affected by the block.
Does anyone know if such software exists? (DeepFreeze and RebootRestore Rx are kinda what I'm after, but not exactly. Also, Sandboxie is also kinda what I'm after, but I want something that works system-wide, not just for specific programs).
