How often do you update your browser on your PC?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Topic Author
water2357
Posts: 654
Joined: Sat Sep 12, 2020 9:24 am

How often do you update your browser on your PC?

Post by water2357 »

How often do you update your browser on your PC?

Do you set it on automatic updates? And if so, have you ever been faced with any problems due to an automatic update?

Have you ever had any security issues with a financial institution due to an out dated browser?
User avatar
pokebowl
Posts: 583
Joined: Sat Dec 17, 2016 6:22 pm
Location: Alaska

Re: How often do you update your browser on your PC?

Post by pokebowl »

water2357 wrote: Wed Oct 05, 2022 11:06 pm How often do you update your browser on your PC?

Do you set it on automatic updates? And if so, have you ever been faced with any problems due to an automatic update?

Have you ever had any security issues with a financial institution due to an out dated browser?
I have mine set to auto update. In terms of issues no, not with modern browsers and if I did its simple to correct for.

In terms of issues with outdated browsers, you would really need something ancient to get such errors. Financial institutions are usually the last to incorporate modern cybersecurity best practices and tend to want to accommodate as many of their customers as possible. A local credit union near me, still has backwards compatibility for internet explorer versions that have been 'sunsetted' over a decade ago. I'd figure if you are using a very out of date browser, you will probably run into security issues with basic web browsing prior to any issues with your banking institutions.
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

water2357 wrote: Wed Oct 05, 2022 11:06 pm How often do you update your browser on your PC?

Do you set it on automatic updates? And if so, have you ever been faced with any problems due to an automatic update?

Have you ever had any security issues with a financial institution due to an out dated browser?
On Linux it is automatic, but the Linux people do a much better job at testing the browser before it's released. On Windows I am only too happy to be up to 8 weeks out of date as I don't want to be a guinea pig. All of our Windows run in Virtual Machines on Linux hosts
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
SnowBog
Posts: 4680
Joined: Fri Dec 21, 2018 10:21 pm

Re: How often do you update your browser on your PC?

Post by SnowBog »

IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
User avatar
canidothat
Posts: 55
Joined: Thu Jun 24, 2021 5:45 am
Location: Alaska, United States

Re: How often do you update your browser on your PC?

Post by canidothat »

Auto update here too, which could be the reason why I have no idea if security issues might occur when it comes to banks. I believe updating your browser is important to ensure that you have the latest security and features updates. By keeping your browser up-to-date, you'll be able to browse the web more securely and enjoy a better browsing experience.
snapping moments–one bajillion buttons at a time
freakyfriday
Posts: 184
Joined: Tue Aug 23, 2022 10:00 am
Location: London

Re: How often do you update your browser on your PC?

Post by freakyfriday »

SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
100% the idea of purposely not updating a browser is complete and utter madness.

These days browsers either let you select a 'channel' or switch between them. Make sure you install the default/stable channel and turn in auto update.

Web browsing is by far the biggest security risk of our age.
User avatar
oldcomputerguy
Moderator
Posts: 17878
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: How often do you update your browser on your PC?

Post by oldcomputerguy »

I'm running Linux Mint here. The system is set to alert me when any updates are available. As a general rule, I apply all updates when they drop. This includes my browsers in particular, as browsing is probably the most vulnerable attack vector. So I can't say whether there have been any problems using an out-of-date browser.

The only time I've run into trouble after a browser update is with my brick-and-mortar bank. A few months ago, I allowed an update of my Chrome browser install, after which some protocol element or other failed when trying to log into my bank which prevented me from logging on. After some experimentation, I determined that I could use the installed Chromium browser (which had not yet been updated) with no problem, and I could also log into the bank on Chrome with an incognito window (which unfortunately forced me to do the "2FA" / "remember this computer" business every time I tried this path). For jollies, I tried all this under the identical version of Chrome installed on Windows 10, did the same thing. I sent all this off to the customer support people at the bank, and got the expected "it's okay here, must be your browser". A month or so after all this happened, however, I did note that the problem using Chrome mysteriously disappeared.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
UpperNwGuy
Posts: 9446
Joined: Sun Oct 08, 2017 7:16 pm

Re: How often do you update your browser on your PC?

Post by UpperNwGuy »

I manually update whenever my laptop says "update available." I don't like automatic updates, but I don't delay updating. Most updates are security related, so delaying would increase vulnerability.
jebmke
Posts: 25271
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: How often do you update your browser on your PC?

Post by jebmke »

Automatic. They prompt me to restart. Most are security patches. Some browsers like Opera are rarely used so typically they do a major upgrade when I open them.
Stay hydrated; don't sweat the small stuff
lazydavid
Posts: 5124
Joined: Wed Apr 06, 2016 1:37 pm

Re: How often do you update your browser on your PC?

Post by lazydavid »

Firefox and Chrome are both on a 42-day release cycle for "major" releases, so I update every six weeks at a minimum. :) Of course there are patches in between, so more often than that.
freakyfriday
Posts: 184
Joined: Tue Aug 23, 2022 10:00 am
Location: London

Re: How often do you update your browser on your PC?

Post by freakyfriday »

Recent replies bring up a good point.

If you really want to avoid updating software then install an operating system version with 'long term support" or an "extended support" release.

These will avoid updates that add or change features but include security updates. You should update these as soon as they are available and be fairly worry free.
sean.mcgrath
Posts: 786
Joined: Thu Dec 29, 2016 5:15 am
Location: US in NL

Re: How often do you update your browser on your PC?

Post by sean.mcgrath »

UpperNwGuy wrote: Thu Oct 06, 2022 5:29 am I manually update whenever my laptop says "update available." I don't like automatic updates, but I don't delay updating. Most updates are security related, so delaying would increase vulnerability.
Same here.

Re. the bank question: I have not. It does strike me as a reasonable policy, however.
Last edited by sean.mcgrath on Thu Oct 06, 2022 6:09 am, edited 1 time in total.
User avatar
LadyGeek
Site Admin
Posts: 95466
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: How often do you update your browser on your PC?

Post by LadyGeek »

FYI - The OP is asking about bank policy here: Does anyone know of any banks that will not allow on line access if your browser is not the latest version?
water2357 wrote: Wed Oct 05, 2022 11:06 pm Have you ever had any security issues with a financial institution due to an out dated browser?
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
User avatar
JoeRetire
Posts: 15381
Joined: Tue Jan 16, 2018 1:44 pm

Re: How often do you update your browser on your PC?

Post by JoeRetire »

water2357 wrote: Wed Oct 05, 2022 11:06 pm Do you set it on automatic updates?
Yes.
And if so, have you ever been faced with any problems due to an automatic update?
Never.
Have you ever had any security issues with a financial institution due to an out dated browser?
Not since I stopped using outdated browsers.

Many years ago, I couldn't access my bank's website with one of the browsers I was using at the time. I forget which one it was. It was not a security issue, just an inability to use that old browser at all.

Financial institutions (or their tech partners) must test their website across a huge variety of browsers and versions on many devices.
In order to reduce the huge number of combinations of browsers/versions/operating systems/devices, most choose a cutoff point, before which they won't test. And the smart websites will detect and reject anything older than that cutoff point. This reduces their testing and fixing costs, and reduces their potential liability.

(I used to be in that business domain)
Last edited by JoeRetire on Thu Oct 06, 2022 6:39 am, edited 1 time in total.
This isn't just my wallet. It's an organizer, a memory and an old friend.
User avatar
nisiprius
Advisory Board
Posts: 52105
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: How often do you update your browser on your PC?

Post by nisiprius »

(Apple Mac, macOS, Apple Safari browser). I avoid automatic updates. I usually install updates whenever I'm reminded or notified, but depending on how "big" they are and how easy they are to undo, I will often wait a few months.

For example, checking right now, I see I am running Safari 15.5, and the current version is 16.0. Similarly, I'm running macOS 12.4 and the current version is 12.6.

We've been disorganized because we've moved, so I'm avoiding disturbances in computer configuration now because I don't have the time to deal with computer update glitches. When things settle down and I have the time to do a full bootable image backup of the main drive I'll update macOS and that will probably include a Safari update.

My life experience is that it is really bad to be more than one major version number behind the current version. Nuisance issues start to accumulate. One implication of that, by the way, is that I'll need a new Mac in a couple of years because my current Mac can't be upgraded to macOS 13, "Ventura," and Apple seems to be on a cycle of an annual major upgrade--so by 2024 the current macOS will be 14.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
User avatar
LadyGeek
Site Admin
Posts: 95466
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: How often do you update your browser on your PC?

Post by LadyGeek »

nisiprius wrote: Thu Oct 06, 2022 6:24 am (Apple Mac, macOS, Apple Safari browser). I avoid automatic updates. I usually install updates whenever I'm reminded or notified, but depending on how "big" they are and how easy they are to undo, I will often wait a few months.
There should be no need for you to undo an update.

Security threats are happening in real-time and the browser developers are pushing out updates as fast as they can. Please reconsider this approach and use automatic updates. This includes your OS.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
homebuyer6426
Posts: 1830
Joined: Tue Feb 07, 2017 8:08 am

Re: How often do you update your browser on your PC?

Post by homebuyer6426 »

Unfortunately many of the updates to browsers and OSes bring a lot of unwanted changes along with the security protection, generally focused on tracking you, consolidating data, requiring accounts for things that used to be accountless, etc. I generally delay updates until it gets annoying. Then when I finally update, there's some new unwanted thing I have to figure out how to disable. Haven't had a virus or security problem with a PC in almost 20 years.

The days in computing where the user was given enough respect to be able to choose to update, instead of having it forced on them, were nice ones. You can still go back to them if you want to go through the effort of configuring a lot of stuff yourself.

No, haven't had any browser issues with financial institutions.
45% Total Stock Market | 52% Consumer Staples | 3% Short Term Reserves
jayjayc
Posts: 637
Joined: Tue Jun 25, 2013 11:38 pm

Re: How often do you update your browser on your PC?

Post by jayjayc »

Why not keep multiple browsers installed on your PC? Main daily driver on auto-update. Backup browser in case you need an older version.
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
Automatic updates can be a plus but they can also be a pain. Being the first to get a patch is not always the smartest thing to do either. These days patches are often tested by rolling them out to the user community. If it breaks, hopefully they get enough telemetry to fix the issue, or enough people complain and it gets fixed. It's way to common for Firefox or Chrome to issue an update and within 1-2 days issue a 2nd update to the patch and in a week an update to the update.

If it's an OS, better make sure you have good backups.

If the company or institution isn't going to adequately test their product (Microsoft stopped doing this when Windows 10 was release) and instead roll it out to the user community to see what happens, I am only to happy that there are people willing to have automatic updates. Their sacrifice will insure that by the time I install it, the bugs that bring them down have been fixed. Usually 1-2 weeks after the update is out, it's considered safer than it was on the first day, unless it's a ZERO DAY patch.
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

jayjayc wrote: Thu Oct 06, 2022 11:19 am Why not keep multiple browsers installed on your PC? Main daily driver on auto-update. Backup browser in case you need an older version.
I do this in Linux but mainly to access a modem/router that no longer works with modern browsers. It's simple in Linux, much harder to do in Windows (involves wrapping the binary). In Linux I have 3 browsers installed Firefox, Chromium and Chrome and I still get to choose when to update them. In Linux, they do a better job of testing but I still hold off 2-3 days. On Windows I hold off at least 2 weeks but sometimes up to 2 months. By then every website I visit is telling me my browser is too old. Some websites even go so far as telling me my browser is too old when the last patch was installed 3 days ago. Go figure. I guess they were sued one to many times.
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

nisiprius wrote: Thu Oct 06, 2022 6:24 am ... One implication of that, by the way, is that I'll need a new Mac in a couple of years because my current Mac can't be upgraded to macOS 13, "Ventura," and Apple seems to be on a cycle of an annual major upgrade--so by 2024 the current macOS will be 14.
If you believe your hardware is more than capable, have you considered running Linux (Linux Mint is a great all around OS and comes in flavors that appeal to either Windows or Apple oriented users). Then you can install Virtualbox from Oracle and run whatever version of iOS you want in a Virtual Machine (your current one and the next one)

We run Linux and Windows in virtual machines on Linux hosts. When Windows 11 was introduced I got a warning on the Windows 10 virtual machine stating it was not possible to run Windows 11. A few changes to the registry and what do you know, Microsoft reports that I can run Windows 11. It's same changes that Microsoft informed their development team to use in order to develop Windows 11. I have an 11 year old Dell laptop that still has plenty of umph under the hood and runs Linux Mint (as the Host) and Windows 8.1 and Windows 11 (as the Guest OS in Virtual Machines)
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
audioengr
Posts: 140
Joined: Thu Dec 17, 2020 9:44 am
Location: Knoxville

Re: How often do you update your browser on your PC?

Post by audioengr »

enad wrote: Thu Oct 06, 2022 12:18 pm
SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
Automatic updates can be a plus but they can also be a pain. Being the first to get a patch is not always the smartest thing to do either. These days patches are often tested by rolling them out to the user community. If it breaks, hopefully they get enough telemetry to fix the issue, or enough people complain and it gets fixed. It's way to common for Firefox or Chrome to issue an update and within 1-2 days issue a 2nd update to the patch and in a week an update to the update.

If it's an OS, better make sure you have good backups.

If the company or institution isn't going to adequately test their product (Microsoft stopped doing this when Windows 10 was release) and instead roll it out to the user community to see what happens, I am only to happy that there are people willing to have automatic updates. Their sacrifice will insure that by the time I install it, the bugs that bring them down have been fixed. Usually 1-2 weeks after the update is out, it's considered safer than it was on the first day, unless it's a ZERO DAY patch.
You're clearly a very intelligent, sophisticated computer user, but you assertion that MS doesn't test Windows patches/releases is beyond belief.
MS Does Not just release updates to the general community for them to "Test". There is a Beta program and if you want to opt in, by all means proceed. Just because you believe Linux is "better" doesn't make you correct.

Windows has had to option to revert to a previous build for a LONG Time. Restore points have been available since Win XP - released October 2001.
Linux too has the option to revert to a previous version. And if you're running VMs, why not just snapshot before you update? Very easy to restore if the update doesn't behave as you want?
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

LadyGeek wrote: Thu Oct 06, 2022 5:54 am FYI - The OP is asking about bank policy here: Does anyone know of any banks that will not allow on line access if your browser is not the latest version?
water2357 wrote: Wed Oct 05, 2022 11:06 pm Have you ever had any security issues with a financial institution due to an out dated browser?
My two credit unions will warn me if my browser is too far out of date. One of them said Chrome needed to be at least version 67 (May 2018) in order to access their website. I've had more issues trying to access the Credit Union on smart phones (not having their latest app version) or not having the correct version of the Android OS. Can't say this Chrome example is universal, but I should think one would be okay with a browser that is 1 or 2 months out of date. If not the website will inform you.

You don't want to have the latest and greatest of any patch (browser or OS) unless it's a ZERO DAY patch (which you will hear on the nightly news). First adopters are the ones that end up with issues on their devices and hopefully the place that issues the patch gets enough telemetry or complaints that they can fix it within 1-2 days. Same goes for anti-virus program updates (not the daily updates). And what it also means is you want to make sure you have backups and recent ones.
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
Broken Man 1999
Posts: 8620
Joined: Wed Apr 08, 2015 11:31 am
Location: West coast of Florida, near Champa Bay !

Re: How often do you update your browser on your PC?

Post by Broken Man 1999 »

My browser is updated automatically when a new version is available. Same with OS updates and security patches.

Broken Man 1999
“If I cannot drink Bourbon and smoke cigars in Heaven then I shall not go." - Mark Twain
gavinsiu
Posts: 4470
Joined: Sun Nov 14, 2021 11:42 am

Re: How often do you update your browser on your PC?

Post by gavinsiu »

I have browser set up to auto update. If something breaks I will use a different browser until the issue is fixed. I don’t want to get caught by a zero day vulnerability.
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

audioengr wrote: Thu Oct 06, 2022 12:45 pm
enad wrote: Thu Oct 06, 2022 12:18 pm
SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
Automatic updates can be a plus but they can also be a pain. Being the first to get a patch is not always the smartest thing to do either. These days patches are often tested by rolling them out to the user community. If it breaks, hopefully they get enough telemetry to fix the issue, or enough people complain and it gets fixed. It's way to common for Firefox or Chrome to issue an update and within 1-2 days issue a 2nd update to the patch and in a week an update to the update.

If it's an OS, better make sure you have good backups.

If the company or institution isn't going to adequately test their product (Microsoft stopped doing this when Windows 10 was release) and instead roll it out to the user community to see what happens, I am only to happy that there are people willing to have automatic updates. Their sacrifice will insure that by the time I install it, the bugs that bring them down have been fixed. Usually 1-2 weeks after the update is out, it's considered safer than it was on the first day, unless it's a ZERO DAY patch.
You're clearly a very intelligent, sophisticated computer user,
Thank-you
but you assertion that MS doesn't test Windows patches/releases is beyond belief. MS Does Not just release updates to the general community for them to "Test". There is a Beta program and if you want to opt in, by all means proceed.
What I said was "Microsoft doesn't adequately test their product"

Somewhere in 2014/2015, Microsoft exchanged the in-house Testing team with Telemetry data that it gathers from
Insider Builds that it pushes to consumer and business devices, and replaced much of the PCs that it used for testing with virtual environments. All of that led to an increased number of issues and bugs that customers face on production machines when installing Windows updates or feature updates.

Here's an article from Computer World dated 19 October 2019

in which the writer references Jerry Berg, a Microsoft senior software development engineer for testing who was on the team and worked at the company for 15 years. Berg states “Fundamentally, Microsoft has replaced flesh-and-blood people who create automatic test sequences … [with] ourselves, the consumers.

Just because you believe Linux is "better" doesn't make you correct.
Your words, not mine
Windows has had to option to revert to a previous build for a LONG Time. Restore points have been available since Win XP - released October 2001.
Yes, I am familiar with Restore Points but you may not have access to them if your machine can't boot as a result of a patch.
Linux too has the option to revert to a previous version. And if you're running VMs, why not just snapshot before you update? Very easy to restore if the update doesn't behave as you want?
I don't have any issues with Linux. I wrote my own backup script which backups the OS, home directories, key system modified files, and the Virtual Machines to a local drive on the PC, and to network drives. I check the backup for integrity and the network/USB copies to make sure they are good so that if I need them I have high confidence they are good.

Since April of this year, MS has bricked four of our virtual machines (1 running 8.1 Pro, 3 running Windows 10 Pro), but they were restored from backups in less than 30 minutes.

Best Wishes
Last edited by enad on Thu Oct 06, 2022 2:24 pm, edited 1 time in total.
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
audioengr
Posts: 140
Joined: Thu Dec 17, 2020 9:44 am
Location: Knoxville

Re: How often do you update your browser on your PC?

Post by audioengr »

enad wrote: Thu Oct 06, 2022 1:43 pm
audioengr wrote: Thu Oct 06, 2022 12:45 pm
enad wrote: Thu Oct 06, 2022 12:18 pm
SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
Automatic updates can be a plus but they can also be a pain. Being the first to get a patch is not always the smartest thing to do either. These days patches are often tested by rolling them out to the user community. If it breaks, hopefully they get enough telemetry to fix the issue, or enough people complain and it gets fixed. It's way to common for Firefox or Chrome to issue an update and within 1-2 days issue a 2nd update to the patch and in a week an update to the update.

If it's an OS, better make sure you have good backups.

If the company or institution isn't going to adequately test their product (Microsoft stopped doing this when Windows 10 was release) and instead roll it out to the user community to see what happens, I am only to happy that there are people willing to have automatic updates. Their sacrifice will insure that by the time I install it, the bugs that bring them down have been fixed. Usually 1-2 weeks after the update is out, it's considered safer than it was on the first day, unless it's a ZERO DAY patch.
You're clearly a very intelligent, sophisticated computer user,
Thank-you
but you assertion that MS doesn't test Windows patches/releases is beyond belief. MS Does Not just release updates to the general community for them to "Test". There is a Beta program and if you want to opt in, by all means proceed.
What I said was "Microsoft doesn't adequately test their product"
Just because you believe Linux is "better" doesn't make you correct.
Your words, not mine
Windows has had to option to revert to a previous build for a LONG Time. Restore points have been available since Win XP - released October 2001.
Yes, I am familiar with Restore Points but you may not have access to them if your machine can't boot as a result of a patch.
Linux too has the option to revert to a previous version. And if you're running VMs, why not just snapshot before you update? Very easy to restore if the update doesn't behave as you want?
Somewhere in 2014/2015, Microsoft exchanged the in-house Testing team with Telemetry data that it gathers from Insider Builds that it pushes to consumer and business devices, and replaced much of the PCs that it used for testing with virtual environments. All of that led to an increased number of issues and bugs that customers face on production machines when installing Windows updates or feature updates.

I don't have any issues with Linux. I wrote my own backup script which backups the OS, home directories, key system modified files, and the Virtual Machines to a local drive on the PC, and to network drives. I check the backup for integrity and the network/USB copies to make sure they are good so that if I need them I have high confidence they are good.

Since April of this year, MS has bricked four of our virtual machines (1 running 8.1 Pro, 3 running Windows 10 Pro), but they were restored from backups in less than 30 minutes.

Best Wishes
Barring a hardware failure (not Windows Update fault) you can always boot to recovery media, then roll back the update.
The procedure is well documented, if you need assistance. - Google is your friend.

Windows 8.1 is a Very Old OS that is End of Life/Support in Jan 2023.
Unless you've got a specific use case (ancient program that is not supported in Win10), it's time to move on.

As for Windows 10, unless you're running LTSC (Long Term Servicing Channel, now called LTSB - Long Term Servicing Branch) you should be updating fairly regularly to stay ahead of the by-yearly version changes. LTSC/LTSB are available in Enterprise License, which can also remove the Telemetry you referred to.

As for Windows Updates - I regularly see them pushed out to the 1000s of workstations at my job. Major issues are few and far between.
If you want to be cautious, turn off auto updates, wait a week or two following the releases, then update. Any known issues should have been discovered by then.
jebmke
Posts: 25271
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: How often do you update your browser on your PC?

Post by jebmke »

jayjayc wrote: Thu Oct 06, 2022 11:19 am Why not keep multiple browsers installed on your PC? Main daily driver on auto-update. Backup browser in case you need an older version.
I do -- I have five (use 4); but I update them all. I've never had a browser fail after an update.

One way to keep everything frozen is to install a VM and close the VM at the end and revert to original state. That has added value of zapping anything that happened on that machine after boot up.
Stay hydrated; don't sweat the small stuff
SnowBog
Posts: 4680
Joined: Fri Dec 21, 2018 10:21 pm

Re: How often do you update your browser on your PC?

Post by SnowBog »

enad wrote: Thu Oct 06, 2022 12:18 pm
SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
Automatic updates can be a plus but they can also be a pain. Being the first to get a patch is not always the smartest thing to do either. These days patches are often tested by rolling them out to the user community. If it breaks, hopefully they get enough telemetry to fix the issue, or enough people complain and it gets fixed. It's way to common for Firefox or Chrome to issue an update and within 1-2 days issue a 2nd update to the patch and in a week an update to the update.

If it's an OS, better make sure you have good backups.

If the company or institution isn't going to adequately test their product (Microsoft stopped doing this when Windows 10 was release) and instead roll it out to the user community to see what happens, I am only to happy that there are people willing to have automatic updates. Their sacrifice will insure that by the time I install it, the bugs that bring them down have been fixed. Usually 1-2 weeks after the update is out, it's considered safer than it was on the first day, unless it's a ZERO DAY patch.
Fair point - sort-of...

What I think is missed from your view is that not everyone releases patches to mainstream end-users as you seem to imply.

Let's pick on Microsoft, since you pointed them out. My understanding is most software companies "dogfood" their products, meaning they are deployed internally first. Additionally, they have an "insider" community which is filled with people who volunteer to download and test out "early releases" including new updates, patches, etc. These tend to be those people who like being on the "cutting edge" and/or who enjoy being part of the process to launch new updates including finding and reporting issues. Microsoft also - when allowed - leverages "telemetry" data - meaning they want (and I think require of "insiders") to get notified when things aren't working. They use that to understand if a given patch/update made improvements or made things worse, and if worse, then they are supposed to fix/improve the issue before they roll it out further.

Specific to their Edge browser, they have at least 3 publicly accessible "channels" in their "insider" program: https://www.microsoftedgeinsider.com/en-us/download/ Those who want to help can get daily updates, weekly updates, or major updates every 4 weeks. So, unless it's an "emergency security fix" which they push out immediately (very rare), it's going to be running on lots of devices long before it's ever released as an update to "regular users" who haven't opted into the "insider" program.

Edited to add: for clarity - I wouldn't recommend joining those "insider" channels unless you understand what you are doing and want to be part of that process. The point I was making was for any given patch, its gone through their "internal" process, if no major issues found i'ts released to the "daily" channel, if no major issues found released to the "weekly" channel, if no major issues found released to the "4 week" channel, if no major issues found it's released to the "mainstream"/general availability for everyone else.

So, what you propose above is already happening with that volunteer "insider" community. You waiting 1-2 weeks "extra" likely adds nothing... Sure, there is a possibility that some unknown bug pops up in some unique configuration that wasn't encountered in the more limited "insider" group, but I'd argue for 99% of the users that bug won't matter to them for the same reason it wasn't previously found - they don't happen to have that unique configuration that triggered it to begin with...

Speaking of unique configurations, when everything is kept up-to-date, you are in a known/supported configuration. When you randomly have some things updated, others not, you are just adding to the infinite numbers of incredibly hard to test configurations.

As such, and specific to Microsoft or others who follow a similar release process with lots of people who help "find the bumps" before its released, my recommendation remains enabling automatic updates. The benefits are far higher than the perceived risks. Especially when most users aren't going to spend the time to find out about updates, manage a calendar to wait 1-2 weeks as you suggest, and then manually update. Far better to just let the mainstream processes do their job, set to auto-update, and spend your time on things more valuable to you.
Last edited by SnowBog on Thu Oct 06, 2022 3:42 pm, edited 1 time in total.
SnowBog
Posts: 4680
Joined: Fri Dec 21, 2018 10:21 pm

Re: How often do you update your browser on your PC?

Post by SnowBog »

freakyfriday wrote: Thu Oct 06, 2022 4:52 am
SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
100% the idea of purposely not updating a browser is complete and utter madness.

These days browsers either let you select a 'channel' or switch between them. Make sure you install the default/stable channel and turn in auto update.

Web browsing is by far the biggest security risk of our age.
Depends on your definition of "web browsing"... I'd argue - and I've seen lots of data points to support my view - that passwords are actually the biggest risk, through horribly weak passwords, reused passwords, exposing passwords through phishing attacks (or social engineering), or potentially through unpatched browsers.

But unpatched software makes attackers life just that much easier...
User avatar
JoeRetire
Posts: 15381
Joined: Tue Jan 16, 2018 1:44 pm

Re: How often do you update your browser on your PC?

Post by JoeRetire »

SnowBog wrote: Thu Oct 06, 2022 3:05 pmMy understanding is most software companies "dogfood" their products, meaning they are deployed internally first.
They are internally tested by both test automation software and humans, before being deployed internally.
As such, and specific to Microsoft or others who follow a similar release process with lots of people who help "find the bumps" before its released, my recommendation remains enabling automatic updates. The benefits are far higher than the perceived risks. Especially when most users aren't going to spend the time to find out about updates, manage a calendar to wait 1-2 weeks as you suggest, and then manually update. Far better to just let the mainstream processes do their job, set to auto-update, and spend your time on things more valuable to you.
Agreed.
This isn't just my wallet. It's an organizer, a memory and an old friend.
freakyfriday
Posts: 184
Joined: Tue Aug 23, 2022 10:00 am
Location: London

Re: How often do you update your browser on your PC?

Post by freakyfriday »

SnowBog wrote: Thu Oct 06, 2022 3:13 pm
freakyfriday wrote: Thu Oct 06, 2022 4:52 am
SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
100% the idea of purposely not updating a browser is complete and utter madness.

These days browsers either let you select a 'channel' or switch between them. Make sure you install the default/stable channel and turn in auto update.

Web browsing is by far the biggest security risk of our age.
Depends on your definition of "web browsing"... I'd argue - and I've seen lots of data points to support my view - that passwords are actually the biggest risk, through horribly weak passwords, reused passwords, exposing passwords through phishing attacks (or social engineering), or potentially through unpatched browsers.

But unpatched software makes attackers life just that much easier...
Good point, although I do wonder if that's because browsers update themselves quitely, while good password practice requires the user effort (without a password manager).

I really think I could last longer using 'Hunter2' as my password everywhere compared with using a broswer that wasn't patched for some hotbug. But as you say probably depends on the sites you visit.


I meant more in the wider sense. No matter how much Sony have spent on their Playstation 5 security it was a bug in the browser that gave hackers access. Similarly for the Playstation 4 a browser bug is how piracy happens, there was loads. So too with Nintendo's 3DS and the Switch too had exploitable browser bugs. iOS has had repeated 'jailbreak' via safari. What's worse is that all those browsers are webkit based, and bugs found to work on iOS were found to work on Nintendo's Switch.

Passwords are comparitively easy, even if Sony sometimes messes up generating random numbers.

Password managers fix passwords, especially hardware ones like Mooltipass. But browsers seem forever broken.
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

SnowBog wrote: Thu Oct 06, 2022 3:05 pm
enad wrote: Thu Oct 06, 2022 12:18 pm
SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
Automatic updates can be a plus but they can also be a pain. Being the first to get a patch is not always the smartest thing to do either. These days patches are often tested by rolling them out to the user community. If it breaks, hopefully they get enough telemetry to fix the issue, or enough people complain and it gets fixed. It's way to common for Firefox or Chrome to issue an update and within 1-2 days issue a 2nd update to the patch and in a week an update to the update.

If it's an OS, better make sure you have good backups.

If the company or institution isn't going to adequately test their product (Microsoft stopped doing this when Windows 10 was release) and instead roll it out to the user community to see what happens, I am only to happy that there are people willing to have automatic updates. Their sacrifice will insure that by the time I install it, the bugs that bring them down have been fixed. Usually 1-2 weeks after the update is out, it's considered safer than it was on the first day, unless it's a ZERO DAY patch.
Fair point - sort-of...

What I think is missed from your view is that not everyone releases patches to mainstream end-users as you seem to imply.

Let's pick on Microsoft, since you pointed them out. My understanding is most software companies "dogfood" their products, meaning they are deployed internally first. Additionally, they have an "insider" community which is filled with people who volunteer to download and test out "early releases" including new updates, patches, etc. These tend to be those people who like being on the "cutting edge" and/or who enjoy being part of the process to launch new updates including finding and reporting issues. Microsoft also - when allowed - leverages "telemetry" data - meaning they want (and I think require of "insiders") to get notified when things aren't working. They use that to understand if a given patch/update made improvements or made things worse, and if worse, then they are supposed to fix/improve the issue before they roll it out further.

Specific to their Edge browser, they have at least 3 publicly accessible "channels" in their "insider" program: https://www.microsoftedgeinsider.com/en-us/download/ Those who want to help can get daily updates, weekly updates, or major updates every 4 weeks. So, unless it's an "emergency security fix" which they push out immediately (very rare), it's going to be running on lots of devices long before it's ever released as an update to "regular users" who haven't opted into the "insider" program.

Edited to add: for clarity - I wouldn't recommend joining those "insider" channels unless you understand what you are doing and want to be part of that process. The point I was making was for any given patch, its gone through their "internal" process, if no major issues found i'ts released to the "daily" channel, if no major issues found released to the "weekly" channel, if no major issues found released to the "4 week" channel, if no major issues found it's released to the "mainstream"/general availability for everyone else.

So, what you propose above is already happening with that volunteer "insider" community. You waiting 1-2 weeks "extra" likely adds nothing... Sure, there is a possibility that some unknown bug pops up in some unique configuration that wasn't encountered in the more limited "insider" group, but I'd argue for 99% of the users that bug won't matter to them for the same reason it wasn't previously found - they don't happen to have that unique configuration that triggered it to begin with...

Speaking of unique configurations, when everything is kept up-to-date, you are in a known/supported configuration. When you randomly have some things updated, others not, you are just adding to the infinite numbers of incredibly hard to test configurations.

As such, and specific to Microsoft or others who follow a similar release process with lots of people who help "find the bumps" before its released, my recommendation remains enabling automatic updates. The benefits are far higher than the perceived risks. Especially when most users aren't going to spend the time to find out about updates, manage a calendar to wait 1-2 weeks as you suggest, and then manually update. Far better to just let the mainstream processes do their job, set to auto-update, and spend your time on things more valuable to you.
Here's an article from Computer World dated 19 October 2019

in which the writer references Jerry Berg, a Microsoft senior software development engineer for testing who was on the team and worked at the company for 15 years. Berg states “Fundamentally, Microsoft has replaced flesh-and-blood people who create automatic test sequences … [with] ourselves, the consumers.


While insiders are useful they are not a substitute for professional testers which Microsoft has done away with. As someone here mentioned (Google is your friend),

Google: Microsoft patch bricked computer

and you'll see lots of horror stories where a simple Microsoft patch presumably vetted by Insiders bricked peoples computers. If it were one or two it would be one thing and if was just once occurrence, but there are far too many occurrences.

OR Google: browser update that resulted in loss of data

On my smartphone, automatic updates are disabled.

Most people who buy a computer or smartphone expect it to work and should not have to understand the internals of the hardware or the OS. They probably don't want to be "insiders" and if they don't understand the importance of backups, all it takes is one incident where they will regret not having a backup or having automatic updates turned on and then either buy the backup software or live with only backing up key files, documents, photo's on a USB drive and turning off automatic updates.

Best Wishes
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
SnowBog
Posts: 4680
Joined: Fri Dec 21, 2018 10:21 pm

Re: How often do you update your browser on your PC?

Post by SnowBog »

enad wrote: Thu Oct 06, 2022 5:44 pm
SnowBog wrote: Thu Oct 06, 2022 3:05 pm
enad wrote: Thu Oct 06, 2022 12:18 pm
SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
Automatic updates can be a plus but they can also be a pain. Being the first to get a patch is not always the smartest thing to do either. These days patches are often tested by rolling them out to the user community. If it breaks, hopefully they get enough telemetry to fix the issue, or enough people complain and it gets fixed. It's way to common for Firefox or Chrome to issue an update and within 1-2 days issue a 2nd update to the patch and in a week an update to the update.

If it's an OS, better make sure you have good backups.

If the company or institution isn't going to adequately test their product (Microsoft stopped doing this when Windows 10 was release) and instead roll it out to the user community to see what happens, I am only to happy that there are people willing to have automatic updates. Their sacrifice will insure that by the time I install it, the bugs that bring them down have been fixed. Usually 1-2 weeks after the update is out, it's considered safer than it was on the first day, unless it's a ZERO DAY patch.
Fair point - sort-of...

What I think is missed from your view is that not everyone releases patches to mainstream end-users as you seem to imply.

Let's pick on Microsoft, since you pointed them out. My understanding is most software companies "dogfood" their products, meaning they are deployed internally first. Additionally, they have an "insider" community which is filled with people who volunteer to download and test out "early releases" including new updates, patches, etc. These tend to be those people who like being on the "cutting edge" and/or who enjoy being part of the process to launch new updates including finding and reporting issues. Microsoft also - when allowed - leverages "telemetry" data - meaning they want (and I think require of "insiders") to get notified when things aren't working. They use that to understand if a given patch/update made improvements or made things worse, and if worse, then they are supposed to fix/improve the issue before they roll it out further.

Specific to their Edge browser, they have at least 3 publicly accessible "channels" in their "insider" program: https://www.microsoftedgeinsider.com/en-us/download/ Those who want to help can get daily updates, weekly updates, or major updates every 4 weeks. So, unless it's an "emergency security fix" which they push out immediately (very rare), it's going to be running on lots of devices long before it's ever released as an update to "regular users" who haven't opted into the "insider" program.

Edited to add: for clarity - I wouldn't recommend joining those "insider" channels unless you understand what you are doing and want to be part of that process. The point I was making was for any given patch, its gone through their "internal" process, if no major issues found i'ts released to the "daily" channel, if no major issues found released to the "weekly" channel, if no major issues found released to the "4 week" channel, if no major issues found it's released to the "mainstream"/general availability for everyone else.

So, what you propose above is already happening with that volunteer "insider" community. You waiting 1-2 weeks "extra" likely adds nothing... Sure, there is a possibility that some unknown bug pops up in some unique configuration that wasn't encountered in the more limited "insider" group, but I'd argue for 99% of the users that bug won't matter to them for the same reason it wasn't previously found - they don't happen to have that unique configuration that triggered it to begin with...

Speaking of unique configurations, when everything is kept up-to-date, you are in a known/supported configuration. When you randomly have some things updated, others not, you are just adding to the infinite numbers of incredibly hard to test configurations.

As such, and specific to Microsoft or others who follow a similar release process with lots of people who help "find the bumps" before its released, my recommendation remains enabling automatic updates. The benefits are far higher than the perceived risks. Especially when most users aren't going to spend the time to find out about updates, manage a calendar to wait 1-2 weeks as you suggest, and then manually update. Far better to just let the mainstream processes do their job, set to auto-update, and spend your time on things more valuable to you.
Here's an article from Computer World dated 19 October 2019

in which the writer references Jerry Berg, a Microsoft senior software development engineer for testing who was on the team and worked at the company for 15 years. Berg states “Fundamentally, Microsoft has replaced flesh-and-blood people who create automatic test sequences … [with] ourselves, the consumers.


While insiders are useful they are not a substitute for professional testers which Microsoft has done away with. As someone here mentioned (Google is your friend),

Google: Microsoft patch bricked computer

and you'll see lots of horror stories where a simple Microsoft patch presumably vetted by Insiders bricked peoples computers. If it were one or two it would be one thing and if was just once occurrence, but there are far too many occurrences.

OR Google: browser update that resulted in loss of data

On my smartphone, automatic updates are disabled.

Most people who buy a computer or smartphone expect it to work and should not have to understand the internals of the hardware or the OS. They probably don't want to be "insiders" and if they don't understand the importance of backups, all it takes is one incident where they will regret not having a backup or having automatic updates turned on and then either buy the backup software or live with only backing up key files, documents, photo's on a USB drive and turning off automatic updates.

Best Wishes
So many problems with your logic... I'll bother to respond to just a few...

Yes, Microsoft changed how they "test" software - especially Windows. And by my anecdotal experience, the results have been stellar. Windows 10 and Windows 11 have been some of the most stable versions I've ever ran. Does that mean there are 0 bugs - of course not. Does that mean that you aren't going to find some random issue from time to time - of course not...

Let's think about "why" this is... In a general sense, Microsoft does not control the hardware people use or the software that they run. You could build a computer using parts from multiple manufactures using a mix of old and new parts. You might have a mix of old and new drivers. You might have a mix of old and new applications in varying degrees of being patched. You might be running on various versions of the operating system, with a staggering number of different OS patches applied - or not. In short, there are nearly in infinite number of combinations of hardware, drivers, OS, and software that would need to be "tested". There simply is not a way to do that with humans - as there is no way to even build that many permutations needed to test (and diminishing returns for attempting to do so - as many of those combinations don't even exist in the real world).

Sure, Microsoft could be like Apple and remove your ability to use any device except a Surface device made by Microsoft, and tell you that you need a new Surface device every X years because they aren't going to allow you to run the new OS on old hardware and aren't going to support the old OS on your hardware anymore either... Oh wait, they couldn't do that because they wouldn't be allowed...

So, what did they do instead? They automated processes that gather information from what's deployed to automatically (where people haven't disabled them from doing so) detect when issues are occurring, so they can try to identify the source (which of the nearly infinite permutations of hardware/drivers/OS/apps is impacted), and try to work to resolve the issues (such as with the organizations that make the hardware/driver and/or applications).

And their "insider" community is going to have the bulk of the "mainstream/normal" configurations, as well as probably some esoteric ones... But is it possible that some random bug with some random graphics card exists that no one in the "insider" community has - sure it is! Do you think your odds go up much by waiting 1-2 weeks? I doubt it... For one thing, very few of us are running the really odd configurations that usually cause problems.

And again, we need to think about "which is worse"... Your perceived fear of running into a computer issue by patching too soon (which is possible, but far more rare when you look at the millions of devices who have updates enabled by default and don't have issues - but aren't less likely to take the time to write articles about "yep, another patch that didn't cause issues")... Or leaving your devices unpatched and exposed to attackers... As I mentioned in my original post, leaving your devices unpatched is just making life easier for the attackers...

Now we need to think about "reality"... How many people do you really think are going to keep track of what updates/patches have been released, and when, across their browser, OS, applications, drivers, firmware, etc.? How many are going to be disciplined enough to "wait 1-2 weeks" and then apply the patches? I'm pretty sure I could take all of them to dinner and spend less than $100. I highly doubt you even do as you advise, as I just don't see it being practical in the real world...

So, your recommendation is that someone should take on a lot of manual effort, which most likely they'll eventually forget or be lax in doing and 1-2 weeks becomes 1-2 months becomes 1-2 years, becomes an unpatched device that hackers will be gracious to exploit, and even if they do nothing to "your" computer/data - they have yet another device they can use to conduct their illegal activities with. No thanks!

I lock my doors and close my windows when I go to bed, because that's what reality says I need to do, just like I auto-update my devices and their apps (including browsers) for the exact same reason.
Last edited by SnowBog on Thu Oct 06, 2022 6:56 pm, edited 1 time in total.
Dottie57
Posts: 12349
Joined: Thu May 19, 2016 5:43 pm
Location: Earth Northern Hemisphere

Re: How often do you update your browser on your PC?

Post by Dottie57 »

enad wrote: Thu Oct 06, 2022 12:24 am
water2357 wrote: Wed Oct 05, 2022 11:06 pm How often do you update your browser on your PC?

Do you set it on automatic updates? And if so, have you ever been faced with any problems due to an automatic update?

Have you ever had any security issues with a financial institution due to an out dated browser?
On Linux it is automatic, but the Linux people do a much better job at testing the browser before it's released. On Windows I am only too happy to be up to 8 weeks out of date as I don't want to be a guinea pig. All of our Windows run in Virtual Machines on Linux hosts
Me too but on a Mac.
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

SnowBog wrote: Thu Oct 06, 2022 6:29 pm
enad wrote: Thu Oct 06, 2022 5:44 pm
SnowBog wrote: Thu Oct 06, 2022 3:05 pm
enad wrote: Thu Oct 06, 2022 12:18 pm
SnowBog wrote: Thu Oct 06, 2022 1:58 am IMHO running on an out-of-date and unpatched browser, operating system, or application is not much different than refusing to lock your doors and close your windows when you aren't home (or are asleep). You are providing would be attackers an easy target of convenience that could have been avoided by simple actions on your part (such as enabling automated updates).

On all my devices, from my Windows computers, iOS and Android devices, router, smart TVs, etc - they are all setup for automatic updates everywhere possible. When I'm required to click a button to update, I do so the same day. (For clarity here, some attacks are made to look like "updates" you should click on... Learn to tell the difference between real updates vs. attempts FYI get you to do dumb things.)

The only exception I make is for devices that aren't connected to a network. For example, we have one "smart" TV we use as a "dumb" TV where it has no benefit from accessing the internet, and thus its network is off so it can't update.
Automatic updates can be a plus but they can also be a pain. Being the first to get a patch is not always the smartest thing to do either. These days patches are often tested by rolling them out to the user community. If it breaks, hopefully they get enough telemetry to fix the issue, or enough people complain and it gets fixed. It's way to common for Firefox or Chrome to issue an update and within 1-2 days issue a 2nd update to the patch and in a week an update to the update.

If it's an OS, better make sure you have good backups.

If the company or institution isn't going to adequately test their product (Microsoft stopped doing this when Windows 10 was release) and instead roll it out to the user community to see what happens, I am only to happy that there are people willing to have automatic updates. Their sacrifice will insure that by the time I install it, the bugs that bring them down have been fixed. Usually 1-2 weeks after the update is out, it's considered safer than it was on the first day, unless it's a ZERO DAY patch.
Fair point - sort-of...

What I think is missed from your view is that not everyone releases patches to mainstream end-users as you seem to imply.

Let's pick on Microsoft, since you pointed them out. My understanding is most software companies "dogfood" their products, meaning they are deployed internally first. Additionally, they have an "insider" community which is filled with people who volunteer to download and test out "early releases" including new updates, patches, etc. These tend to be those people who like being on the "cutting edge" and/or who enjoy being part of the process to launch new updates including finding and reporting issues. Microsoft also - when allowed - leverages "telemetry" data - meaning they want (and I think require of "insiders") to get notified when things aren't working. They use that to understand if a given patch/update made improvements or made things worse, and if worse, then they are supposed to fix/improve the issue before they roll it out further.

Specific to their Edge browser, they have at least 3 publicly accessible "channels" in their "insider" program: https://www.microsoftedgeinsider.com/en-us/download/ Those who want to help can get daily updates, weekly updates, or major updates every 4 weeks. So, unless it's an "emergency security fix" which they push out immediately (very rare), it's going to be running on lots of devices long before it's ever released as an update to "regular users" who haven't opted into the "insider" program.

Edited to add: for clarity - I wouldn't recommend joining those "insider" channels unless you understand what you are doing and want to be part of that process. The point I was making was for any given patch, its gone through their "internal" process, if no major issues found i'ts released to the "daily" channel, if no major issues found released to the "weekly" channel, if no major issues found released to the "4 week" channel, if no major issues found it's released to the "mainstream"/general availability for everyone else.

So, what you propose above is already happening with that volunteer "insider" community. You waiting 1-2 weeks "extra" likely adds nothing... Sure, there is a possibility that some unknown bug pops up in some unique configuration that wasn't encountered in the more limited "insider" group, but I'd argue for 99% of the users that bug won't matter to them for the same reason it wasn't previously found - they don't happen to have that unique configuration that triggered it to begin with...

Speaking of unique configurations, when everything is kept up-to-date, you are in a known/supported configuration. When you randomly have some things updated, others not, you are just adding to the infinite numbers of incredibly hard to test configurations.

As such, and specific to Microsoft or others who follow a similar release process with lots of people who help "find the bumps" before its released, my recommendation remains enabling automatic updates. The benefits are far higher than the perceived risks. Especially when most users aren't going to spend the time to find out about updates, manage a calendar to wait 1-2 weeks as you suggest, and then manually update. Far better to just let the mainstream processes do their job, set to auto-update, and spend your time on things more valuable to you.
Here's an article from Computer World dated 19 October 2019

in which the writer references Jerry Berg, a Microsoft senior software development engineer for testing who was on the team and worked at the company for 15 years. Berg states “Fundamentally, Microsoft has replaced flesh-and-blood people who create automatic test sequences … [with] ourselves, the consumers.


While insiders are useful they are not a substitute for professional testers which Microsoft has done away with. As someone here mentioned (Google is your friend),

Google: Microsoft patch bricked computer

and you'll see lots of horror stories where a simple Microsoft patch presumably vetted by Insiders bricked peoples computers. If it were one or two it would be one thing and if was just once occurrence, but there are far too many occurrences.

OR Google: browser update that resulted in loss of data

On my smartphone, automatic updates are disabled.

Most people who buy a computer or smartphone expect it to work and should not have to understand the internals of the hardware or the OS. They probably don't want to be "insiders" and if they don't understand the importance of backups, all it takes is one incident where they will regret not having a backup or having automatic updates turned on and then either buy the backup software or live with only backing up key files, documents, photo's on a USB drive and turning off automatic updates.

Best Wishes
So many problems with your logic... I'll bother to respond to just a few...

Yes, Microsoft changed how they "test" software - especially Windows. And by my anecdotal experience, the results have been stellar. Windows 10 and Windows 11 have been some of the most stable versions I've ever ran. Does that mean there are 0 bus - of course not. Does that mean that you aren't going to find some random issue from time to time - of course not...

Let's think about "why" this is... In a general sense, Microsoft does not control the hardware people use or the software that they run. You could build a computer using parts from multiple manufactures using a mix of old and new parts. You might have a mix of old and new drivers. You might have a mix of old and new applications in varying degrees of being patched. You might be running on various versions of the operating system, with a staggering number of different OS patches applied - or not. In short, there are nearly in infinite number of combinations of hardware, drivers, OS, and software that would need to be "tested". There simply is not a way to do that with humans - as there is no way to even build that many number of permutations.

Sure, Microsoft could be like Apple and remove your ability to use any device except a Surface device made by Microsoft, and tell you that you need a new Surface device every X years because they aren't going to allow you to run the new OS on old hardware and aren't going to support the old OS on your hardware anymore either... Oh wait, they couldn't do that because they wouldn't be allowed...

So, what did they do instead? They automated processes that gather information from what's deployed to automatically (where people haven't disabled them from doing so) detect when issues are occurring, so they can try to identify the source (which of the nearly infinite permutations of hardware/drivers/OS/apps is impacted), and try to work to resolve the issues (such as with the organizations that make the hardware/driver and/or applications).

And their "insider" community is going to have the bulk of the "mainstream/normal" configurations, as well as probably some esoteric ones... But is it possible that some random bug with some random graphics card exists that no one in the "insider" community has - sure it is! Do you think your odds go up much by waiting 1-2 weeks? I doubt it...

And again, we need to think about "which is worse"... Your perceived fear of running into a computer issue by patching too soon (which is possible, but far more rare when you look at the millions of devices who have updates enabled by default and don't have issues - but aren't less likely to take the time to write articles about "yep, another patch that didn't cause issues")... Or leaving your devices unpatched and exposed to attackers? As I mentioned in my original post, leaving your devices unpatched is just making life easier for the attackers...

Now we need to think about "reality"... How many people do you really think are going to keep track of what updates/patches have been released and when across their browser, OS, applications, drivers, firmware, etc.? How many are going to be disciplined enough to "wait 1-2 weeks" and then apply the patches? I'm pretty sure I could take all of them to dinner and spend less than $100. I highly doubt you even do as you advise, as I just don't see it being practical in the real world...

So your recommendation is that someone should take on a lot of manual effort, which most likely they'll eventually forget or be lax in doing and 1-2 weeks becomes 1-2 months becomes 1-2 years, becomes an unpatched device that hackers will be gracious to exploit, and even if they do nothing to "your" computer/data - they have yet another device they can use to conduct their illegal activities with. No thanks!

I lock my doors and close my windows when I go to bed, because that's what reality says I need to do, just like I auto-update my devices and their apps (including browsers) for the exact same reason.
I understand that you don't share my viewpoints and that's fine, but because I don't share your viewpoints, you think my logic must be problematic. Seriously?

All it takes is for someone to get burned once or twice and many people will look for a solution that prevents them from getting burned. It's not fun.

Just Googled:
Windows 11 bricked my computer
so what does that say? Windows 11 can brick a device just like Windows 10 can brick a device. By not being an early adopter of patches or browser updates I save myself a lot of potential grief. Others may see it differently. Just as in a portfolio, whatever approach you take is the one that lets you sleep at night. I don't have anything more to add to this. By not being an early adopter of patches and browser updates, I sleep well at night.


Best Wishes
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
Normchad
Posts: 5630
Joined: Thu Mar 03, 2011 6:20 am

Re: How often do you update your browser on your PC?

Post by Normchad »

Honestly, never.

I’m almost 100% done using PCs for personal use. I am very much looking forward to the day I can throw them away for good.

I do virtually everything now on iPads. And those get updated automatically.
Makefile
Posts: 2657
Joined: Fri Apr 22, 2016 11:03 pm

Re: How often do you update your browser on your PC?

Post by Makefile »

enad wrote: Thu Oct 06, 2022 7:04 pm I understand that you don't share my viewpoints and that's fine, but because I don't share your viewpoints, you think my logic must be problematic. Seriously?

All it takes is for someone to get burned once or twice and many people will look for a solution that prevents them from getting burned. It's not fun.

Just Googled:
Windows 11 bricked my computer
so what does that say? Windows 11 can brick a device just like Windows 10 can brick a device. By not being an early adopter of patches or browser updates I save myself a lot of potential grief. Others may see it differently. Just as in a portfolio, whatever approach you take is the one that lets you sleep at night. I don't have anything more to add to this. By not being an early adopter of patches and browser updates, I sleep well at night.


Best Wishes
Windows 11 is a bit more drastic than a monthly security patch, even though MS marketing may have clouded (pun?) the issue. You'd think people would get that original Windows release = beta, service pack 1 = version 1.0 by now...

As to the broader point sometimes there is a long term support/extended support release of things for those wanting to dodge the breakneck rapid release cycles. Windows has one but it's not available to consumers. Firefox is a product that does have an ESR version to cut down the UI changes to once or twice a year.
User avatar
BolderBoy
Posts: 6738
Joined: Wed Apr 07, 2010 12:16 pm
Location: Colorado

Re: How often do you update your browser on your PC?

Post by BolderBoy »

Updating browsers is important to keep the certificate store up-to-date.
"Never underestimate one's capacity to overestimate one's abilities" - The Dunning-Kruger Effect
SnowBog
Posts: 4680
Joined: Fri Dec 21, 2018 10:21 pm

Re: How often do you update your browser on your PC?

Post by SnowBog »

enad wrote: Thu Oct 06, 2022 7:04 pm I understand that you don't share my viewpoints and that's fine, but because I don't share your viewpoints, you think my logic must be problematic. Seriously?

All it takes is for someone to get burned once or twice and many people will look for a solution that prevents them from getting burned. It's not fun.

Just Googled:
Windows 11 bricked my computer
so what does that say? Windows 11 can brick a device just like Windows 10 can brick a device. By not being an early adopter of patches or browser updates I save myself a lot of potential grief. Others may see it differently. Just as in a portfolio, whatever approach you take is the one that lets you sleep at night. I don't have anything more to add to this. By not being an early adopter of patches and browser updates, I sleep well at night.

Best Wishes
When your advice puts others at risk, yes I think it's illogical.

And yes, Google is useful, you can find all sorts of things there like https://googlethatforyou.com?q=what%20is%20a%20botnet. You might learn that computers in a botnet are commonly unpatched devices.

Keeping computers and their software up-to-date is one of the widely accepted security best practices https://googlethatforyou.com?q=Computer ... 0practices.
Last edited by SnowBog on Thu Oct 06, 2022 8:04 pm, edited 1 time in total.
User avatar
Rowan Oak
Posts: 851
Joined: Mon May 09, 2016 2:11 pm
Location: Yoknapatawpha

Re: How often do you update your browser on your PC?

Post by Rowan Oak »

water2357 wrote: Wed Oct 05, 2022 11:06 pm How often do you update your browser on your PC?

Do you set it on automatic updates? And if so, have you ever been faced with any problems due to an automatic update?

Have you ever had any security issues with a financial institution due to an out dated browser?
You want to keep your browser up to date, because most updates are for fixing security vulnerabilities. Most browsers will at least notify you when an update is available. I recommend updating as soon as possible or better yet allow automatic updates.
“If you can get good at destroying your own wrong ideas, that is a great gift.” – Charlie Munger
User avatar
Metsfan91
Posts: 971
Joined: Sat Jan 11, 2020 11:33 am
Location: Rust Belt

Re: How often do you update your browser on your PC?

Post by Metsfan91 »

water2357 wrote: Wed Oct 05, 2022 11:06 pm How often do you update your browser on your PC?

Do you set it on automatic updates? And if so, have you ever been faced with any problems due to an automatic update?

Have you ever had any security issues with a financial institution due to an out dated browser?
Auto update. Never use outdated browser. just my safety practice.
"Know what you own, and know why you own it." — Peter Lynch
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

Makefile wrote: Thu Oct 06, 2022 7:26 pm
enad wrote: Thu Oct 06, 2022 7:04 pm I understand that you don't share my viewpoints and that's fine, but because I don't share your viewpoints, you think my logic must be problematic. Seriously?

All it takes is for someone to get burned once or twice and many people will look for a solution that prevents them from getting burned. It's not fun.

Just Googled:
Windows 11 bricked my computer
so what does that say? Windows 11 can brick a device just like Windows 10 can brick a device. By not being an early adopter of patches or browser updates I save myself a lot of potential grief. Others may see it differently. Just as in a portfolio, whatever approach you take is the one that lets you sleep at night. I don't have anything more to add to this. By not being an early adopter of patches and browser updates, I sleep well at night.


Best Wishes
Windows 11 is a bit more drastic than a monthly security patch, even though MS marketing may have clouded (pun?) the issue. You'd think people would get that original Windows release = beta, service pack 1 = version 1.0 by now...

As to the broader point sometimes there is a long term support/extended support release of things for those wanting to dodge the breakneck rapid release cycles. Windows has one but it's not available to consumers. Firefox is a product that does have an ESR version to cut down the UI changes to once or twice a year.
Excellent points.

I know people who refused to update to Windows 10 or went back to Windows 7 (after a bad experience) and have purchased a subscription to 0patch which installs micro-patches every time their computer starts. 0patch has a good track record of providing patches for issues that Microsoft hasn't addressed and sometimes beats them with a fix especially for ZERO DAY problems. They are still running Windows 7 which reached End of Life status in January 2020. Add in a good anti-virus and/or anti-malware software and they are very well protected but don't have to deal with the Windows 10/11 issues. These people don't like "change".

I read that the Free Software Foundation asked Microsoft to release the source code to Windows 7 after it reached end of life status along with a license to use the code but Microsoft hasn't followed through. There is probably too much commonality with later versions of Windows, but it would be wonderful if they ever did and then we'd see a lot of UI's that look and behave like Windows 7 graphically but are much more secure under the hood.

Best wishes
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: How often do you update your browser on your PC?

Post by enad »

SnowBog wrote: Thu Oct 06, 2022 7:50 pm
When your advice puts others at risk, yes I think it's illogical.
In your view, but in my view holding off and letting others be guinea pigs is better for me and for those who share my view.
Keeping computers and their software up-to-date is one of the widely accepted security best practices
That's not the issue, rather when to apply those security updates is the issue. Early adopters add unnecessary risk and eventually their luck may run out.


Best Wishes
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
User avatar
squirrel1963
Posts: 1253
Joined: Wed Jun 21, 2017 10:12 am
Location: Portland OR area

Re: How often do you update your browser on your PC?

Post by squirrel1963 »

I have auto updates enabled. But security is and end-to-end process, so it's just as important to follow best practices. Here are my security measures:

I use the strictest security settings available in the browser (for the record I use Windows Edge and Google Chrome).
I always update the OS.
I never download executables from unknown web sites. And in general though I avoid downloading software unless it's well known and has good reputation.
Never bypass antivirus / Anti-Malware software.
I always keep desktop / laptop fully enabled even at home.

I use a small NUC (Qotom mini PC) to run pfSense firewall. It's open source and it's released by a manufacturer which only does security products. I would never trust consumer off the shelf products for this.

Edit : I generally am very careful at what I browse, stick to well known web sites and avoid countries other than US, Canada, western Europe, Japan, Taiwan, Korea, Australia -- in short I stick to developed countries. Some countries like Russia and China are simply too dangerous from the point of view of accidental malware download.
The firewall helps a lot here, you can block the IP address ranges of entire countries.
LMP | Liability Matching Portfolio | safe portfolio: TIPS ladder + I-bonds + Treasuries | risky portfolio: US stocks / US REIT / International stocks
User avatar
Bogle7
Posts: 1984
Joined: Fri May 11, 2018 9:33 am
Location: In the Witness Protection Program

Singular?

Post by Bogle7 »

Which browser? I have/use 4.
Old fart who does three index stock funds, baby.
hudson
Posts: 7098
Joined: Fri Apr 06, 2007 9:15 am

Re: How often do you update your browser on your PC?

Post by hudson »

water2357 wrote: Wed Oct 05, 2022 11:06 pm How often do you update your browser on your PC?

Do you set it on automatic updates? And if so, have you ever been faced with any problems due to an automatic update?

Have you ever had any security issues with a financial institution due to an out dated browser?
Google Chrome updates itself automatically; no problems. I've had no security issues, but I take all of the usual precautions...plus.

Update: I've been out of the corporate info tech world for almost 10 years. Back then, we held off on most updates until after the guys at corporate headquarters updated. For my personal stuff, I don't wait on Apple, Microsoft, or Google. I haven't been burned in almost a decade; if I get burned, I'll tighten up.
Last edited by hudson on Fri Oct 07, 2022 9:07 am, edited 1 time in total.
biznerd
Posts: 16
Joined: Tue Mar 12, 2019 12:14 pm

Re: How often do you update your browser on your PC?

Post by biznerd »

With major browsers, I follow auto update schedules. My current favorite is Chromium-based browser. The update is usually stable and trouble free, except one time that I had to reinstall, but that's why it's important to keep a backup or have your data synced.

Auto update allows you to get the best of both worlds. It is designed that way. You don't have to constantly monitor for security problems and you have the latest versions that are likely supported by websites. Developers are more likely optimize for latest version of major browsers instead of specific versions of one major browser.

You'll likely stumble on issues if you opt for "beta versions". With that, you get cutting edge features as they become available at the risk of less stable web browsing experience.
JunkAddr
Posts: 5
Joined: Sat Aug 27, 2022 10:42 am

Re: How often do you update your browser on your PC?

Post by JunkAddr »

enad wrote: Thu Oct 06, 2022 8:07 pm I know people who refused to update to Windows 10 or went back to Windows 7 (after a bad experience) and have purchased a subscription to 0patch which installs micro-patches every time their computer starts. 0patch has a good track record of providing patches for issues that Microsoft hasn't addressed and sometimes beats them with a fix especially for ZERO DAY problems. They are still running Windows 7 which reached End of Life status in January 2020. Add in a good anti-virus and/or anti-malware software and they are very well protected but don't have to deal with the Windows 10/11 issues. These people don't like "change".
This is quite risky. Some misguided corporations also hold back security patches when they either don't have leadership in charge that understands security or they actively gamble that keeping their old, vulnerable fleet online is cheaper than updating. If they fail, they have insurance, teams of people to scramble and fix things, lawyers, and the ability to wire ten million overnight to a professional incident response team. If you fail, what do you have? A phone number to fidelity or vanguard?

The other posters in here are correct -- always update to the latest stable release of your operating system and browser as soon as you can. The security teams at Microsoft, Apple, and Google are not only better than third-party security solutions (i.e. backported patch vendors, malware scanners), they are worlds apart better in every conceivable way. By definition, they have to be the best as they are the last line of defense and implement the APIs that the third-party crapware uses to sell you worse AV solutions. You may be right that some vendors are tracking you more and more with each release, but that's a privacy law issue. Unfortunately, the major OS conglomerates tracking you still have far better security posture than anyone else writing the software you're using, who will almost all be tracking you as well. (Linux/Unix being a complicated exception here, but if you're asking if you should patch or not, I'm not entirely sure you're going to be more secure on Linux versus Windows/Mac.)

New operating system major updates also always have better security architecture improvements over previous releases making vulnerabilities harder to exploit and further securing your data under the hood. You never get these improvements if you stay on older operating systems. If you're a curmudgeon on Windows 7, backup all your important data (as you should already do), then update to 11 and buy https://www.startisback.com/ or one of the many solutions for the old start menu. Switching to an Apple device or Chrome device can also benefit you. They all track you. Some with better policies than others.

Sorry -- I just can't stand seeing the advice to "hold back on patches" in 2022. Maybe that made sense in the late 90s or early 00s or if you work at an enterprise where the CEO still does all their work on paper, but that practice is dangerous today.
SnowBog
Posts: 4680
Joined: Fri Dec 21, 2018 10:21 pm

Re: How often do you update your browser on your PC?

Post by SnowBog »

enad wrote: Thu Oct 06, 2022 8:22 pm
SnowBog wrote: Thu Oct 06, 2022 7:50 pm
When your advice puts others at risk, yes I think it's illogical.
In your view, but in my view holding off and letting others be guinea pigs is better for me and for those who share my view.
Keeping computers and their software up-to-date is one of the widely accepted security best practices
That's not the issue, rather when to apply those security updates is the issue. Early adopters add unnecessary risk and eventually their luck may run out.


Best Wishes
If you are actually disciplined enough to keep your devices up-to-date manually, then I make no arguments against you doing what works for you, the odds of an attacker taking advantage of something that's only 1-2 weeks out-of-date is small. It's when a person no longer is keeping up-to-date that you are inviting an increasing level of security issues.

But again, my point was that the likelihood of others reading this post saying "you know, I have nothing better to do with my time, so I'll keep track of updates - waiting 1-2 weeks after their release - and then I'll manually update them" isn't being realistic. Most people will either enable automatic updates - and thus stay up-to-date and thus more secure, or they will turn off automatic updates thinking "I'll update when needed" and then forget to do so...

Again, security best practices are to keep devices up-to-date.
Post Reply