Do You REALLY Need Windows Updates?

Can't disagree. It's got to be difficult to get it 100% right given the near-infinite combinations of hardware and software out there, but they don't even seem to catch the basics half the time.

Someone would still take it as a challenge!

Doesn't Windows from 10 onwards differentiate feature updates from security updates? You can turn most frivolous updates off while keeping security ones coming.

@@feelshowdy Not anymore. This was the case before Windows 10, but those days are gone. You can't install just security updates now because the monthly security fixes come bundled with non-security fixes as well in the same package. The only exception is what's known as out-of-band patches when something is so high risk and is being actively exploited that Microsoft releases a standalone update outside the monthly schedule, because it's too urgent to wait. These are only a very small minority of security updates, though.
The "feature updates" are significant annual upgrades and are more like a Windows version update than a regular patch. Deferring them for a while is fine, but Microsoft only supports old versions for a limited time and then they stop getting any updates, including security.

@@ProTechShow Oh I see, that's very unfortunate. I run a custom '""LTSC""" Win10 installation, but it's just a set-aside partition on my laptop for gaming (I actually use Linux for everything else I care about). Still, I would never think of blocking updates on it. I like to be safe.

@@ProTechShow Ah, so if its actually important they will release it separately, and if its just more adversarial microsoft bullshit masquerading as something important then its a regular update. I'll just block updates and download the real ones when I need to.

@@steveholt480 No, I'm afraid not. They only release separate updates for zero-days, not all important fixes.
Normally, the bugs are found either by Microsoft themselves or are reported to Microsoft and they get fixed in the regular updates before they get exploited. Bad actors check the updates to see what got fixed and reverse-engineer an exploit, so if you don't install the regular updates you remain vulnerable.
Occasionally, the bad guys find the bugs first and Microsoft finds out _after_ people start getting hit. When this happens they can't afford to wait weeks to get the fix out with the regular updates, so they release a standalone update to get it out faster. This is relatively rare and is based on urgency rather than severity. A bug can be more dangerous, but if the bad guys don't know about it yet it will go in the regular updates.

Thanks. I prefer not to demonstrate recent exploits because people who don't update regularly are still vulnerable to them and I don't want the content of my videos to be abused for nefarious purposes. Demonstrating older exploits is safer because it gets the point across without providing something that could be used to attack a relatively modern system.

You can usually uninstall the updates, but personally I'd try to find a solution as what you're describing doesn't sound normal.
Worst case, a clean install might help, although it's a bit it of an extreme measure.

Haha, love it

If you keep it on a completely isolated network that is a viable option. It's usually not practical for most use cases, but there are scenarios where the impact of a computer failure is so great that the safest thing to do is not let it talk to anything else. They're usually pretty specific scenarios, but in principle if you keep your computer disconnected from everything else then you're pretty secure.

@@ProTechShow IoT/OT for example is quite often not connected to the internet. Even in these cases offline patching CAN be recommended. Think of an attack scenario where a malicious employee connects an USB to an offline machine. If the machine is not properly hardened and/or patched, this still leaves you with numerous risks.

No arguments here. I've had one Linux update break a server in the last 2 years. Microsoft... I'm losing count!

@@ProTechShow Linux is trash. NO START MENU AND BARELY INTERNET AND TASKBAR IS LEFT , Linux is just horrible.

What are you on about? 😂
Linux has several desktop environments to choose from, and with the common ones you can choose where the task bar goes and if you want a start menu or not. All of the major web browsers from Windows like Chrome, Edge, Firefox, Opera, etc. can be installed on Linux.
There are valid reasons to be critical of Linux but you've missed the mark here.

In general I'd agree but in my experience it also depends on the distro. I can recall a RHEL update hosing a server maybe a couple of times in the last 10 years, which is definitely less frequent than Windows. Fedora, on the other hand, feels like playing Russian roulette every time I update.

Oh no! 🙈
I update and shut down at the end of the day. Would not be popular if it started waking people up!

Not that far off the truth - a firewall would call the port action you need to hide yourself "stealth", so that's basically invisible mode, right?

Honestly, I just don't recommend 3rd party tweaking tools. They cause more trouble than they're worth and I don't consider security vulnerabilities to be an acceptable trade-off for having a little bit more customisation. Windows does have a lot of customisation options, but if they're not exposed through a supported means like Group Policy there's no guarantee it won't break in the future. Windows simply isn't built for very granular tweaking, so if you're going to use Windows you should learn to live with the way Windows works. If you want to heavily customise your operating system you may find Linux to be more to your liking.

@@ProTechShow I searched for HOURs tryting to make the border of programms windows thicker so that they are not just 1px and in the end it turns out that even with registry hacks it became impossible because a recent windows update didn't just reset the registry key. it removed the fuctionality completely.
all these small changes together have a huge positive impact on my user experience.
and about Group Policy... haave you ever tried to disable windows defender via group policy? it turns itself right back on because microsoft does not respect changes that i want if they don't feel like it.
No system will ever be 100% secure no matter what you do. so it all comes down to trade offs.
Microsoft is not our trustworthy friend that protects us. they want our data and personal information as much as maleware developers and if they have their way they will install their own maleware like Copilot on your PC and capture your screen.
I do hope that linux wiill become an actual alternative at some point but there is just too much software and drivers that does not exist to make the switch.

That assumes their device never leaves the house, and ignores a multitude of attacks that do not require inbound network connectivity such as drive-by attacks. I didn't show one in the video for the sake of brevity, but NAT offers no protection against them. Even where NAT is effective against a particular attack, on a home network most routers run UPnP which can be used to bypass NAT and attack the device directly. I've seen all of these used in the real world, so I can’t really agree they were even slightly right.

@@ProTechShow Don't get me wrong. You were right. It's just that there's a difference between being vulnerable vs. exposed :)

@@ProTechShow Whens the last time you took your PC out of your house

@@mystriddlery The majority of PCs today are laptops and are portable by design. Even tablet PCs outsell desktops these days. To answer your question: every time I go to work.

@@ProTechShow The majority of laptops sit in one place most of their lives and hardly ever leave the house theyre in. Majority of viruses come from you clicking some dumb link, which is completely irrelevant from microsoft updates.

Thanks! We can but hope...

Haha. Do it! 😄

You dont need to install updates though.

It's amazing how uncommon common sense actually is!

It's going to be a mess. There are ways to upgrade unsupported machines, but if your only upgrade option requires a clean install (e.g. if you don't any version of TPM) then every annual update will also require a clean install.
ruclips.net/video/TFKwz5rDKNY/видео.html

No windows updates, sounds like bliss. Too bad they wont allow it though, windows is literally forcing every computer connected to the internet to upgrade to windows 11 soon. Windows updates arent saving you from anything. This guy in the vid is a moron.

They are not "forcing every computer connected to the internet to upgrade". In fact, if your hardware doesn't meet their semi-arbitrary requirements they will try to block you from upgrading.
I'm not defending Microsoft's approach to Windows 11 upgrades but 100% of what you've said here is wrong.

@@ProTechShow Why do you think they are phasing out windows 10 so quickly then, or did you miss that news? My computer 'doesnt meet the requirements' for windows 11 but they still forced it on my computer. I have windows 11 now, and it still says my computer isnt compatible for it lol.

@@mystriddlery Microsoft's typical support lifecycle for their operating systems ends after 10 years. Windows 10 was released in 2015, support ends in 2025 - there's nothing sudden about it.

Thanks!

Not always. If you have a vulnerability and an attacker can make a connection to your computer, you're in trouble. The most common way this starts is from a website or attachment, but worms in particular will attempt to spread by attacking anything on their network (which could be home, work, school, public wifi, etc.).
If it's a device permanently exposed to the internet like a server or a firewall then anyone can have a crack at it at any time.

I didn't wear a seat belt for 3 years and didn't have a car accident, therefore seat belts don't protect you - same logic.

@@ProTechShow but can windows kill us ? we wear a seatbelt for safety our life, but computer ? if got hacked then just reinstall, simple asf, windows should just make 2 variable to us, you need update then press update, you dont need update then dont bother us. like android

@@ProTechShow as pc for gaming, i dont need windows update, windows update just ruin fps

@@ProTechShow and can you tell me how to we got hacked when only play at home and using lan, and as pc only for game we install from steam,riot/ official gamestore

@@AlAn-gi3mq Several questions there so I'll try to cover them all:
1. This channel is primarily aimed at IT professionals (hence "Pro"). They do a lot more than sit at home and play games on steam, and they have a professional responsibility.
2. There was a vulnerability patched by last month's Windows updates that allows someone to take control of your computer just by sending it a specific type of packet. Your computer could reject the packet on its firewall and still be compromised. In theory you could be attacked by simply starting an online game that has a bad actor also playing it at the same time, visiting a website that has been compromised, putting your device on a network with a compromised device (e.g. public WiFi hotel, coffee shop, etc.), or just by being connected to the internet at home and a bad actor catching you with a random port scan. The exploit for this is not known to be in the wild yet, but now the patch has been released it will get reverse-engineered and exploited. You should install the update before that happens.
3. Bad actors don't need to kill you to do damage. Compromising your devices can result in your money or personal information being stolen, which can further lead to fraud and identity theft. For the core audience of this channel, it typically results in lost revenue, significant downtime, reputational damage, and financial/regulatory penalties. On multiple occasions I have personally witnessed companies being hit to the tune of hundreds of thousands, all because someone in the company didn't install an update.

Because it isn't true. With the release of Windows 10, Microsoft moved to monthly cumulative updates that include both security and non-security fixes. You cannot install just security updates on Windows 10 or 11 like you could with Windows 7.
You can defer the annual feature updates (e.g. Windows 11 24H2 when it arrives), but only for a limited time before you stop receiving any updates, including security.
The change happened nearly a decade ago - it's a little ironic to be calling people slow...

@@ProTechShow I've been doing it for 3 years now on windows 10 by downloading only the security update packages from Microsoft. Today I decided to update everything because your video scared me. If what you say is true I won't be able to do it anymore.

If you're doing it on Windows 10 then you can't install just security updates because the monthly security fixes come bundled with non-security fixes as well in the same package. You could get them separately on Windows 7/8 but those days are gone. The only exception is what's known as out-of-band patches when something is so high risk and is being actively exploited that Microsoft releases a standalone update outside the monthly schedule, because it's too urgent to wait. These are only a very small minority of security updates, though.
I suspect what you've been avoiding are the "feature updates" rather than non-security updates. These are significant annual upgrades and are more like a Windows version update than a regular patch. Deferring them for a while is fine, but Microsoft only supports old versions for a limited time and then they stop getting any updates, including security.
The dates for Windows 10 are here. Basically, if you're not on the 22H2 feature pack you won't get any updates, including security. If that's what you just installed then you made the right call and bought yourself another year. learn.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro

@@ProTechShow Thank you for your time and detailed info. I apologize for the insult, you earned a subscriber.

Because microsoft will brick your computer if you dont. Which makes their software the virus.