No automatic restarts! I understand that in our security patching world that patching and restarting automatically is the default, fine, but there absolutely should be a dead simple way of disabling auto restarts in settings. I'm fine if it pesters me to restart or whatever, perhaps with growing alarm the longer I wait, but it should always be optional in the end. There are just no words for how bad it can be for mission critical workloads when your computer restarts without your consent. Please make disabling this simple.
If you make it possible to defer updates indefinitely, users will. Guaranteed. Doesn't matter how urgent or critical the update is, how bad the bug or vulnerability it patches is, how disastrous the consequences may be: they'll never, ever voluntarily apply them.
If you're running a server, and willing to accept the risk of deferral because 1) you're in a better position to assess the risk and apply compensating controls than a regular user is, and 2) you're OK accepting the personal risk of having to explain to your boss why you kept deferring the urgent patch until after it blew up in your face, then yes, you should have a control to delay or disable it.
But end users? No. I use to believe otherwise, but now I've seen far, far too many cases where people train themselves to click "Delay 1 day" without even consciously seeing the dialog.
Most security-only updates have a low risk of interfering with with the user or causing instability. Most feature updates have a high risk of doing so.
(1) Although I think there should be some way of disabling even those, even if that way is hard to find and/or cumbersome to keep the regular users away.
Even the Server Core edition, which has a much smaller "surface area" needs reboots almost every month.
And who determines what is an "end-user device" vs a "server"?
> If you're running a server, and willing to accept the risk of deferral because 1) you're in a better position to assess the risk and apply compensating controls than a regular user is, and 2) you're OK accepting the personal risk of having to explain to your boss why you kept deferring the urgent patch until after it blew up in your face, then yes, you should have a control to delay or disable it.
So you do want choice after all it seems. Who do you think should make this choice on risk vs. workload/criticality?
I would say you actually agree with me mostly based on your comments, but you have not clarified _who_ makes these choices. I'm saying as the consumer, _I_ should get to make that choice. In the enterprise, my admin will make that choice via group policy, but I do not want Microsoft determining what I'm allowed to do with my OS. They are of course free to keep doing that, but then I also have the right to keep not buying their products.
Someone who decides to buy a Windows 20whatever Server license for the related hardware.
Windows isn't MacOS that runs on set of verified configurations - it runs on variety of hardware with vendor drivers and other software. That combined may cause issues but so lack of testing - we know that Microsoft in its wisdom dismantled QA and replaced it with this prosthetics of enthusiasts community that all the time suggest "sfc /scannow". Now they put Charlie Bell in role of "engineering quality" position but I have no hope that something will change with a good outcome for users.
And users should be again allowed to avoid updates which were proven to cause issues - that's the fundamental need here. Deterring a scheduled action isn't enough.
Considering Windows behavior, all the telemetry that was smuggled to W7 in poorly described updates, I see how appealing is to Microsoft to use this big updates package format and add features, components which surely would be avoided by experienced users. Since W10 and maybe even partially during W7 they're fighting their users when it comes to control over operating system.
I'm on CachyOS now but I still get calls from friends who struggle with all this MS circus. Recently, this friend lost data to bitlocker encrypted machine because she didn't had backup keys. She's that kind of user that doesn't know what happens on the screen beside text processor and web browser - everything is a nuance that has to be quickly dealt with by "next next done" tactic. Should she be more patient and read what's being displayed on the screen - sure but I've told her that years ago.
Anyway, CachyOS: arch-update renders a popup in KDE about recommended restart, sometimes update process requires restarting services and users can select ones it needs or everything listed altogether. There's snapshots support for updates: https://wiki.cachyos.org/configuration/btrfs_snapshots/ and pretty sure other distributions have this as an option as well.
