Ask Slashdot: Make Windows Update Install Only Security Updates Automatically?

An anonymous reader writes: After the news earlier this month about Microsoft forcing the Windows 10 upgrade on people who don't want it, my sizeable extended family has been coming to me for a solution. They don't want to be guinea pigs this early in the Windows 10 release cycle, but it looks like Microsoft may not be giving them a choice. My reading of Woody Leonhard's advice is that the only way to ensure the upgrade doesn't happen is to disable Windows Update, but that seems extreme. I want my family to install security updates, but I don't relish the idea of explaining to them how to install just those and hide the less-desireable updates.

The ideal solution would be to have only security updates install automatically, but it looks like it's easier said than done. I've looked at third-party tools like Autopatcher and Portable Update, but a security-only option doesn't seem to be very standard. From what I've read, Microsoft doesn't even package security updates separately, sometimes mixing merely Important and Recommended updates in the downloaded CAB file. I wish I could get them off Windows, but it's not an option. They use Windows at work or school, and don't want to go through the process of learning another OS. Maybe the current situation with Windows 10 will convince them eventually, but they need something now. I would really like to come up with a solution before the next Patch Tuesday on October 13. Do any of the more knowledgeable Slashdotters out there have any advice?

Fail idea

[drinkypoo]

If any number of people did this, then Microsoft would just push a "security" update that offered you Windows 10 or installed spying on the basis that they could somehow offer you more security. "KB6666666 - improve security by making windows phone home at every opportunity"

Re: Fail idea

Now, of course, I read the descriptions.

Don't worry, Microsoft has a solution for that: with Windows 10, they simply don't offer descriptions. They've also started bundling feature updates and security updates into single patches. Probably. From what people have been able to determine that existing patches do.

There's no reason they can't decide to start doing that for all updates. Will KB414140 force you to install Windows 10? Include telemetry? Fix a zero-day exploit that's being actively exploited? All of the above? Who knows!

Re: Fail idea

[FeriteCore]

They already do this by offering totally meaningless descriptions. Reading descriptions does no good when they contain no actual information.

run and hide

[denbesten]

Unless you wish to become the IT department for your sizeable extended family, don't touch this. The moment you take over patch management is the moment that others (Microsoft, Geek Squad, MS Fixit, etc.) cease being able to fix minor problems when their PCs go goofy.

If you do want to become the IT department, look into Microsoft's Enterprise solutions. They continue to allow personalized patch management there.

Re:I was going to suggest Debian GNU/Linux.

[drinkypoo]

Knowing how frustrating it can be when an operating system provider ends up trashing an existing installation through what should be routine updates, I realized that I could not possibly recommend Debian. Perhaps the submitter could do what I did: switch to FreeBSD.

Well, there's also switching to Linux Mint, which is what I suggest at this time. I'll probably keep advocating that at least up until they decide what to do about systemd in the long term. Hopefully, longer.

FreeBSD has shown itself to be the future.

It's not even the present if you want a decent nVidia driver or if you want to run vmware, which I still use to handle some cases that make KVM shit itself. Other than that, I have nothing against it, but that's enough to make it a show-stopper for me. Linux also runs on more hardware, and I prefer to have more or less one OS on everything for my convenience. My router runs Linux, my NAS runs Linux, my desktop (not the gaming one, but anyway) runs Linux, my handhelds even run Linux, albeit a kind of wacky version thereof. Oh yeah, got a fire stick coming, that runs Linux. All my game consoles with ethernet ports run Linux when I want them to, except for the 360... which I am probably about to donate to someone who lost all their shit in the recent fires. Guess I should put the screws back in it just in case they ever drop it.