I can never relate to these posts. I always update all my stuff pretty much immediately when I see an update available. I run Windows, so I'm talking Windows Updates, browser updates, drivers, anything and everything. It actually gives me a pleasant feeling knowing I get bug fixes, security fixes, maybe some new feature every now and then. I'm definitely naive enough to hope for performance improvements rather than worry about performance regressions. Historically, it's extremely rare that an update messes something up for me.
Maybe I'm not as quick to update as I think I am, giving vendors time to fix broken updates before I get them? I dunno. I'm also privileged in that I update my hardware quite often. Maybe that hides any worsened performance from my perception.
I'm not sure if I understand your strategy correctly, but disabling (security) updates on Windows and browsers sounds like a recipe for absolute disaster. To me that sounds waaay more risky than any risk taken when installing (potentially broken) updates from MS/Mozilla/Google
I can relate to them very well. I've wasted far too many hours cleaning up after one bad update or another. Windows and driver updates have been among the worst offenders. You could argue that the good updates might have protected me from malware that would have wasted even more, but I have no evidence to suggest this is the case.
As a result, I tend to be very binary about updates now. If it's something that involves direct contact with remote systems, it gets updated almost instantly, at least if the update is anything security related. Browsers, email clients, phones, publicly accessible servers, anything like that. The risk of not updating promptly in that situation is too high, even though I've seen many adverse changes when updating those kinds of products too. For most other things I use, if it's doing its job OK already, it probably gets updated if I have a specific reason to want a newer version and otherwise gets left alone.
I detest the modern trend for bundling essential updates like security patches together with other changes that users might not want, as the likes of Microsoft, Google and Apple all now do. Fixing a defective product is one thing. Changing it arbitrarily is something completely different.
And yet, I see this attitude pretty frequently in the software world. I too don't understand it (All my packages move to the latest dependencies as soon as possible). It's very often not the case that things won't magically start working after a version that breaks you. From there, it's just a ticking timebomb for some random CVE to come around making your app exploitable in all sorts of interesting ways.
Yet so many software devs take the approach of "Well, this version works, so why do the next?".
It’s a good idea to keep updates enabled so that you get security patches, but it’s ridiculous that you have to do this. The industry seems to have given up on the idea of making finished software, so instead you get endless churn - the bugs and vulnerabilities are infinite because the bug fixes are mixed into the same update stream as new features which themselves come with new bugs…
sony messed up a phone update a few years ago and it took them maybe two to issue another update to fix it. i can't remember what it was now but it was annoying enough that i stopped updating until a few other people confirmed it was ok.
ive had the same happen with two android apps as well so i have auto-update turned off now and just go through the list a few times a years. if the changelog just says 'buxfixes' but im not noticing any bugs, then i don't bother updating
Maybe I'm not as quick to update as I think I am, giving vendors time to fix broken updates before I get them? I dunno. I'm also privileged in that I update my hardware quite often. Maybe that hides any worsened performance from my perception.
I'm not sure if I understand your strategy correctly, but disabling (security) updates on Windows and browsers sounds like a recipe for absolute disaster. To me that sounds waaay more risky than any risk taken when installing (potentially broken) updates from MS/Mozilla/Google