Troy Hunt hits some nails on their heads:
If you had any version of Windows since Vista running the default Windows Update, you would have had the critical Microsoft Security Bulletin known as “MS17-010” pushed down to your PC and automatically installed. Without doing a thing, when WannaCry came along almost 2 months later, the machine was protected because the exploit it targeted had already been patched. It’s because of this essential protection provided by automatic updates that those advocating for disabling the process are being labelled the IT equivalents of anti-vaxxers and whilst I don’t fully agree with real world analogies like this, you can certainly see where they’re coming from. As with vaccinations, patches protect the host from nasty things that the vast majority of people simply don’t understand.
Great article, which also goes into Windows Update itself for a bit.
Not having automatic updates, not on anything, seeing as I own my systems – I’ll be the one to decide when and what gets updated. Under Linux, BSD.. that’s pretty much everything except systemd, and I update it more or less every day. No problems.
With automatic updates under Windows, a simple reboot or shutdown is all-too-often an “install stuff” time, really annoying on laptops when you try to grab them and go. The updates themselves regularly go beyond security patches, rolling up all sorts of undesirable software, notably.. WGA.. Windows 10 ads.. Windows 10 itself.. and messing with unrelated settings and services.
I don’t let Windows Update run whenever it likes, and as Microsoft’s patches can’t be trusted without carefully filtering the KBs, I’m not about to let it pick those on its own either. Updates, yes, mostly. Automatic, no. They have and I presume will continue to abuse it.