The thing is that you could potentially use the firewall on your internet-facing router to block Windows from contacting the distribution networks and update services that Microsoft relies on to deliver patches to your machine.
The issue is that at some point software will likely start to break. Many of the quality and security updates contain fixes for software bugs. Windows is not just an OS; it is a very large collection of applications and services that are interdependent. The .NET Framework, for example, is the application framework that many other applications and even games depend on to function. Correcting its bugs and improving its performance will help you, and will potentially fix components or applications that are broken because of broken software components.
After Windows NT 4 was released, over its entire life it received several "service packs". These were collections of security, bug and performance fixes that had to be manually downloaded and installed on each machine owned. Service packs even contained components of DirectX too, so they didn't simply fix bugs; they added functionality. And that's an important thing: security bugs like Spectre can't be fixed by CPU microcode alone and require functional changes to be delivered to the operating system. New APIs need the runtimes to be delivered before they can function. In short, the software environment that our computers run in changes immensely from one year to the next, from security to performance, from features to expectations.
This is the trade-off: you either let it update and get the bug fixes, security fixes, performance fixes and features your machine is going to need to run new hardware, new applications and address new threats, or you don't. If you don't, then you accept all the risks associated with not having the same level of functional security on your computer, and new software may break without the required runtimes. You will miss out on performance-related fixes and potentially endure significant problems with new hardware. Technology is not a still target, and neither are the security threats.