Does Windows update really help with security?

Hi everyone. Please no lectures about this, just your thoughts and knowledge.
I know they always say update for security reasons, but is there any hard evidence that security holes etc. are really fixed, or is it just speculation and talk? I used XP SP2 for quite a while and didn't use updates (my motto: if it's not broken, don't fix it). I experienced no problems with security or compatibility. I noticed every compatibility issue of any kind nearly always involved SP3. I am now using Windows 7 and I guess I am just after some of your experiences or expertise regarding updates. Has anyone ever seen a real benefit from updating (performance or security)? Thanks in advance for any comments, thoughts, or knowledge about this. Kind regards.

Here’s how I look at it.
When my media player (VLC) offers an update…I update.
When Comodo offers an update…I update.
When video card offers an update…I update…etc etc.
So why wouldn’t I update my Windows.

Always make a restore point before updating any program.

Asking for anecdotal evidence to evaluate the practice of not updating seems next to worthless. How would you know you did patch and had been helped? How would you be sure the patch was without value if you didn’t update and weren’t harmed? Perhaps you have dodged a bullet. So far.

If Microsoft says it’s broken, when they have a lot of reasons to not say so (and often do drag their feet when there are dangerous vulnerabilities), the idea that you can tell better that it is not broken because you haven’t had a problem (yet) puzzles me.

Windows Update typically is responsive to bug reports and proof of concept security holes in Windows. Reading the security release documentation and the security community reports about the updates apparently doesn’t count as hard evidence to you, but I’m not sure what you would accept if that is true.

In addition to what was said above by those guys who responded

1) Short answer without "…lectures about…" - That is a must do! Period!

2) SP3 does not have any compatibility issues whatsoever (more than 800 installations of different software here on XP).
Problems users are having are related only to improper installation of SP3 (different topic …or… lecture :D).
So, SP3 is another "must have".

Are there some issues with MS updates, many of which are not security related, though (stressing)? - Yes!

Was my post short enough this time? ;D Cheers!

any hard evidence that security holes etc are really fixed
Sometimes it's fixed, sometimes it's patched (like a temporary band-aid fix).

Microsoft is not doing software compatibility updates anymore for Windows XP. Only security fixes.

Was my post short enough this time? Grin Cheers!
I'm equally happy with your longer posts too :)

Hi 00hmh. I didn't mean for it to come across as if I know better, I was just trying to say that I didn't experience any issues (maybe I was lucky). What I am trying to say is, if I use an up-to-date browser and an up-to-date anti-malware program, what does a patch or update actually do on top of these to stop malware? I am trying to learn how an OS patch can stop nasties if these two programs can't. I know there is all this talk about security holes etc., but wouldn't your third-party firewall and anti-malware intercept if something tried to get in? Thanks.

Yes, and thanks for your reply on this matter.

To everyone- ok ok ok I get it. Maybe I have been lucky, and thanks to you all for your advice on this matter. Kind regards.

I know they always say update for security reasons, but is their any hard evidence that security holes etc are really fixed or just speculation and talk?

What do you mean by “hard evidence”? The highest level of proof is in the code, not testing or anything “real-world”.

No, there is a lot of stuff your security software can’t intercept. I remember a while ago there was a bug in NtAddAtom that allowed any program to BSOD the computer (and possibly elevate privileges, I can’t remember). Security software won’t stop that kind of thing.

I think you’ve got it the wrong way around. The most important things for computer security, in order of importance:

  1. Use secure software (OS, other services), and get updates.
  2. Don't run bad programs.
  3. Use security software in order to guard against programmer errors (1) and user errors (2).

Remember not so long ago there was a flaw in the way Windows parses shortcuts. The .lnk vulnerability!

This wasn't widely exploited as it was a sophisticated attack, but all the same, if left unchecked it would have become more and more widespread if the flaw hadn't been patched.
Maybe your AV had a sig for it; if it didn't, then your computer was compromised. It's a cat and mouse game, but at the end of the day you need to keep updated. These updates go through rigorous testing to make sure they don't break things. I'm not saying unless you update you will become compromised, just why not :wink:

p.s. wj32, I hope you weren't affected by the recent Sourceforge incident!

I do agree that security software, like DEP provisions in CIS, provide protection when Win OS is broken.

However, many vulnerabilities, prominently including browser vulnerabilities, are in software that we trust and exempt from security software. Security software can be ahead of the curve, but Microsoft has confidential knowledge about vulnerabilities which cannot be discounted.

Besides, when you visit a website and allow graphics rendering or scripting or download a flash object, a script in a pdf or some other software which works in unexpected ways due to Microsoft bugs or “features” the firewall, AV, even the sandbox or BB may be evaded.

The better question is “Why not patch?” Bottom line, even security gurus like Steve Gibson who hate intrusive changes to their systems, and have much more ability to judge the technology, have found it difficult to make expert decisions about what patches to allow, and now advise users to update.

Hi all, thank you all for your explaining, I do appreciate it.
I guess I didn't word things as well as I could have. !ot! Concentration is low in this house at this moment in time.
I am just trying to better understand how things work. I am no expert and IMO I am thinking logically, not technically. My way of trying to decipher this may be totally wrong, but I am just thinking in a logical way.
My car's engine operates the car, my car's brakes stop the car. This may be totally different in computer programs. In my way of thinking (logical) the OS operates the computer and the security software protects it. Say with CIS and its multiple layers of protection (Defense+ being the first layer of protection), if all of these are broken (bypassed), I would have thought the OS was in trouble whether it is patched or not. Unless it is patched against every exploit (impossible), then it would render security software a waste of time. If something like CIS can't stop certain malware, it is hard to work out how one little OS patch that changes a couple of files can. I know a lot of you guys/girls on this forum are experts and understand it easily, but from a non-expert view logic kicks in, and maybe logic doesn't work in this case. I am sorry if this is not worded in the right way, but if I don't ask I will never learn. My thoughts are: security programs for security, operating system programs for operating. I am in no way saying anyone is wrong, and some of you may even be laughing at me at this moment about my way of thinking. Thanks to you all for your time and effort. Kind regards.

I use this…

to check for updates for all the programs on my computer.

For example, I run this program every week to check for the latest Flash updates.

In fact, I only install programs that I find at
I trust that programs will be safe if I find them there.

To BoredNow. Thanks for your thoughts and advice on this topic. The updatechecker does look interesting thanks. Kind regards.

You could also check out Secunia PSI.

It will keep tabs on your installed programs and let you know if they have known security vulnerabilities. It will also help you update them, either through a wizard or with a direct download link.

The latest version is even supposed to be able to automatically update certain applications, like Flash. I don’t know how well that works though because I prefer to not have anything update without me telling it to update. :wink:

I think you’ve been affected by “security industry” FUD. The operating system has the strongest possible protections. It’s just a matter of how well you use them - flexible security mechanisms are built into every major operating system. In an ideal world security software would be useless, because everyone would take security seriously. But you have everyone turning off UAC (“it’s annoying!”) and running all kinds of programs as admin.

Security software can’t possibly cover every angle either because it’s just too hard to integrate with the operating system completely. And of course, the “security industry” has to make money and must scare people into buying their products. This is an unfortunate situation.

Please note. I did specifically say no Lectures please.
I don’t think I’m affected by anything.
I’m not making people turn anything off.
In an ideal world there would be no security of any kind required, because there would be no malicious activity.
All I was looking for was some thoughts, Knowledge and maybe some explanations on how it all works.
I have obviously worded something wrong here, and I do apologise that my intentions for this topic must have been incorrectly worded. Thanks for your help everyone.
I have decided this topic has fallen into a hole and before it gets any deeper I request for it to be closed. Thanks.
Edit- Crossed out section caused by a misunderstanding

If my responses aren’t welcome, I won’t provide them.

I don't think I'm affected by anything.

I did not mean that personally. I was commenting on the tactics used by the “security industry”.

I'm not making people turn anything off.

I think we have some major misunderstandings here. The “you” there was a generic you.

In an ideal world there would be no security of any kind required, because there would be no malicious activity.

That’s incorrect. You can have bad guys and have perfect security mechanisms. I don’t know where people get their “security can never be 100%” attitude from.

To wj32. Your responses are welcome, I just felt as if you were targeting me. I thank you for clearing this up and I do apologise for any misunderstandings I had between us. Kind regards.

Sorry, I should have controlled my language a bit better. Sorry about that :o

Keeping your system secure can be broadly broken down into two areas:

  1. Keeping the operating system secure and updated
  2. Keeping your applications, security and others, updated

Microsoft and other operating system vendors constantly strive to keep their products updated by releasing patches for known vulnerabilities and programming faults. Malware vendors constantly strive to find and exploit vulnerabilities in the OS.

By keeping your OS updated you lessen the target area for malware exploits. By implementing and updating your security applications, you provide an increasingly smaller attack surface. These two tasks are not mutually exclusive.

Continuing with your car analogy for a moment, one could liken the car to the OS and the car's alarm to the security package you implement. In this scenario, if the car's engine is not serviced, it may fail to operate. If the brakes are not serviced, you may have a fatal accident. Having an alarm system will not prevent either of these potential eventualities.