Unless you have been on Point Nemo for the weekend, you are probably aware of the biggest ransomware outbreak in history: WannaCry. Like any other ransomware, WannaCry could have been avoided by adopting two simple best practices:
- Keep your operating systems up-to-date
- Take backups regularly
IT professionals have always recommended these best practices. However, there is an increasing number of people who justify disabling automatic updates. I call these people anti-updaters.
Anti-updaters are particularly active among Windows users. They usually claim that Windows Update’s interruptions are impairing their productivity.
While I understand that Windows Update can be annoying, its interruptions do not justify turning it off. For instance, Microsoft released the critical MS-17-010 patch that addresses the vulnerabilities exploited by WannaCry two months ago. This means that the PCs infected by the ransomware were at least two months behind with patches. Automatic updates would have prevented many of these infections.
I tried to argue with an anti-updater. I suggested that her tutorial for turning automatic updates off on Windows 10 fosters an irresponsible behaviour. The following is an extract from the conversation:
Anti-updaters such as @geeklil at @CNET are no different from anti-vaxxers—they should be banned from the IT industry. #WannaCry https://t.co/1eNmfwNX0i
— Alessandro Rossini (@alerossini) 13 May 2017
@alerossini @CNET LOL. You guys, um, know that you can update software manually, right?
— Sarah (@geeklil) 13 May 2017
@geeklil @CNET IT professionals do, but most people either don’t know or don’t care.
— Alessandro Rossini (@alerossini) 13 May 2017
@geeklil @CNET Disabling automatic updates is among the primary causes of the spread of ransomware. That’s why your article is dangerous.
— Alessandro Rossini (@alerossini) 13 May 2017
@alerossini @CNET This is a how-to piece. I don’t know what to tell you aside from “don’t read how-to articles as advice.”
— Sarah (@geeklil) 13 May 2017
@geeklil @CNET That’s a flawed argument. Your article does foster irresponsible behaviour among the non-techies.
— Alessandro Rossini (@alerossini) 13 May 2017
@alerossini @CNET Nope. CNET is for both techies and non-techies.
— Sarah (@geeklil) 14 May 2017
@geeklil @CNET The fact that CNET is also for techies does not respond to the argument that your article fosters irresponsible behaviour among non-techies.
— Alessandro Rossini (@alerossini) 14 May 2017
@geeklil @CNET That’s a logical fallacy of avoiding the issue: when an arguer responds to an argument by not addressing the points of the argument.
— Alessandro Rossini (@alerossini) 14 May 2017
@alerossini @CNET Every article written isn’t for every person. I’m not really sure what you want me to do about that.
— Sarah (@geeklil) 14 May 2017
@alerossini @CNET Now, if it were a piece *advising* people to turn off auto-updates, you’d have a point. But it’s not.
— Sarah (@geeklil) 14 May 2017
To me, this way of arguing is problematic, as it spreads misinformation about automatic updates. Like scientists are fighting against anti-vaxxers, I believe it is time for IT professionals to fight against anti-updaters.
We may not have seen the full extent of the WannaCry attack, as the ransomware may spread again when people go back to work on Monday morning and turn their PCs on. Perhaps individuals and organisations will learn the lesson this time. Nevertheless, I hope you will join me in this campaign to stop people from disabling automatic updates, regardless if they are techies or not.
16 May 2017 at 16:27
Autoupdate on Windows 10 is highly problematic. It uses a lot of bandwidth to download not only security updates, but a whole lot of sh*t not required for the proper functioning of the OS. We (actually I use a Mac at home, but my girlfriend does use Windows 10) became hostage to how the OS wants to do its stuff with no part of it. If you are working or gaming, you get your workflow totally interrupted. Don’t even think about restarting or shutting down if you are under heavy work. That’s completely vicious! But of course, we only license the use of the OS, however it works. How is this behavior acceptable?
I won’t advice anyone to switch to Linux anymore, but these days I wish it prevailed a bit to be more of an option to Windows users. Thankfully, I don’t have to cope with Windows anymore at home.
BTW, I manage about 2500 clients as my day job and more than once had to pull an update because it wasn’t tested before release. I mean, an update that thrashes Windows somehow got released? Doesn’t Microsoft test their updates on their own computers? For some reason, they are not being held liable for damages…
16 May 2017 at 01:27
We want to shove Windows 10 down your throat, so please turn on automatic updates…
Microsoft brought it on themselves for putting this very aggressive push that even crashed many systems and the only way to stop the Windows 10 from being installed was to turn off automatic updates.
So I have a choice of automatically having some horrible crashing update that I don’t want and will have a lot of trouble getting rid of installed, or not getting security updates.
Sorry, but I need to use my computer, not worry about update bombs mixed in with the wanted security updates.
17 May 2017 at 20:56
Have you ever considered buying a Mac?
17 May 2017 at 21:04
Yes, but unfortunately a large portion of the software is Windows only. Actually I’d prefer Linux to any of them but when my employer requires windows, I often can only use another windows system to work with it.
Why does anyone use Microsoft products and windows? Oh, that is what came with it – they tyranny of the default, and worse with some of the security features you can’t install anything else. Oh, and did that BIOS trusted platform module prevent Wanna Cry? No.
Have you considered buying a clean hydrogen powered vehicle? I could probably make the same case with an electric vehicle. Where do you recharge instead of fill up? How long does it take? How far to the next station?
Microsoft wanted to be a monopoly monoculture and succeeded. Tell me how I can get things done without it (and without violating copyright). So I have to use it whether I want to or not. Crossing the ocean? “If you don’t like to fly, just use a cruise ship”.
17 May 2017 at 19:18
Have you ever considered changing employer then? All jokes aside, as someone who has not used Windows for the last 15 years, I can hardly think of any major applications that are not available on macOS.
18 May 2017 at 04:56
The problem is not “Major” applications. I can get Word and Excel on my tablet. The problem is the 3-sigma or other apps. For example, I have to use an embedded IDE that only exists on windows. It’s not gcc/gdb/eclipse. I’m a Ham radio operator, and the software to control and upload/download to and configure my radio is also Windows only. I have hardware that only has Windows drivers and not Mac or Linux.
I have no problem with “major” applications as something like Libre Office often exists because people just hate microsoft and have done something about it. I’d do something but often things are proprietary, have a smaller audience (even if in the tens of thousands), or are just too big to take on.
If you’ve not used windows for the last 15 years, you are like someone who derides people who complain about the problems people encounter when flying in airports – the security gate-rape – and on-plane service because they haven’t flown in 15 years.
18 May 2017 at 16:15
That’s a bit of a stretch, don’t you think? The fact that I have not used Windows for the last 15 years does not imply that I lack empathy towards Windows users experiencing problems. In fact, I have only criticised their choice of turning Windows Update off.
18 May 2017 at 21:53
But the only way to solve the serious work-stopping, computer crashing “updates” is to turn AUTOMATIC updates off. Then do them manually when you have time to sort through them, find which ones aren’t something sneaky, then be able to spend extra time maybe imaging for a restore or figuring out if everything worked and fix it up afterward.
How do I stop most of the most serious “problems” with windows to make it useable? Disable automatic updates.
But you are sympathetic but want people to live with the pain?
19 May 2017 at 17:42
If turning Windows Update off is your only choice for certain applications, you could at least run these applications on a separate PC/virtual machine, while running the other applications on a PC with Windows Update on. Just my two cents.