By Woody Leonhard,
If you want to join the ranks of the unpaid beta testers, please go right ahead. Don’t do anything and Patch Tuesday will find you. Make sure you tell us about any problems on AskWoody.com.
Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right away; the patches bring bugs; the screams of imminent doom disappear as folks realize it takes a while – sometimes quite a while – for the security holes to turn into real, live exploits.
Those who patch right away stand the greatest chance of getting bit. Those who show a little restraint can watch as Microsoft fixes or works around the newly-distributed bugs. Think of it as unpaid beta testing as performance theater.
It’s been like that for years. (Computerworld has month-by-month details for the past three years of patching foibles starting here.)
To be sure, you have to get patched eventually. Some systems at high risk (for example, Windows DNS Servers last month) do need to be patched right away. But for the vast majority of Windows users, waiting a couple of weeks to get the latest patches applied doesn’t hurt a bit – and it gives Microsoft a chance to fix the bugs it invariably introduces.
If you don’t do anything, you get to beta test the patches as soon as they come out. But if you temporarily pause updating – using a setting first introduced in Win10 version 1903 – you can sit back and watch as the brave pioneers take it on the chin.
Microsoft has introduced some…let’s say uncertainty…in the way patches get applied when you use Pause Updates. Even so, the advantages to waiting on the sidelines far outweigh the necessity to get patched right away.
Here’s how to remove yourself from the fray.
Those who paid for Windows 7 Extended Security Updates should be cautious about installing patches immediately. Those who didn’t will either ignore the patches (large majority there), or wait to see if free alternatives appear – and 0patch has filled in several cracks. We’ll be covering both intently on AskWoody.com.
If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)” and click OK.
By now, almost all of you are on Windows 10 version 1903 or 1909. Not sure which version of Win10 you’re running? Down in the Search box, near the Start button, type winver, then click Run command. The version number appears on the second line.
If you’re using Win10 1803 or 1809, I strongly urge you to move on to Win10 version 1909. If you insist on sticking with Win10 1809 (hard to blame ya!), you can block updates by following the steps in December’s Patch Tuesday warning. Be acutely aware of the fact that Microsoft won’t be handing out any more security patches for 1809 Home or Pro after November 10. The end is near.
In version 1903 or 1909 (either Home, Pro, Education or Enterprise, unless you’re attached to an update server), using an administrator account, click Start > Settings > Update & Security. If your Updates paused timer is set before Aug. 30 (see screenshot below), I urge you to click Resume Updates and let the automatic updater kick in – and do it now, before noon in Redmond on Tuesday, when the Patch Tuesday patches get released.
If Pause is set to expire before the end of August, or if you don’t have a Pause in effect, you should set up a patching defense perimeter that keeps patches off your machine for the rest of this month. Using that administrators account, click the Pause updates for 7 days button, then click it again and again, if necessary, until you’re paused out into late August or early September. (Note: the next Patch Tuesday falls on Sept. 8, which is early in the month and the day after the Labor Day holiday in the U.S.)
If you see a message that says “your device isn’t quite ready” for Win10 version 2004, be of good cheer. The message doesn’t signify anything, really, but it means Microsoft won’t try to push you onto version 2004 in the near future. And if you see an invitation to “Download and install” version 2004 (as shown in the screenshot), carefully consider that Win10 version 2004 is still exhibiting lots of strange little bugs. Turn down the offer. Don’t click anything.
Don’t be spooked. Don’t be stampeded. Don’t click “Check for updates.” And don’t install any patches that require you to click “Download and install.”
If there are any immediate widespread problems protected by this month’s Patch Tuesday – a rare occurrence, but it does happen – we’ll let you know here and at AskWoody.com in very short order. Otherwise, sit back and watch while our usual monthly crowdsourced patch watch proceeds.
Let’s see what problems arise.
We’re at MS-DEFCON 2 on AskWoody.
Woody Leonhard is a columnist at Computerworld and author of dozens of Windows books, including “Windows 10 All-in-One for Dummies.”
Copyright © 2020 IDG Communications, Inc.
Copyright © 2020 IDG Communications, Inc.