• Welcome to the edge of the civilized internet! All our official content can be found here. If you have any questions, try our FAQ here or see our video on why this site exists at all!

On LastPass and Updating Software in General


Staff member
This is a response to Mutahar's video. Go ahead and watch it if you haven't seen it yet.

Muta takes a pretty damn hard line on updating, and in this specific case, he is absolutely 100% right. DevOps engineer was a dipshit. Probably never gonna work in the field again. Etc. Even just the fact that he used his personal laptop as his work computer was a huge no-no. But that's not really what I want to address here. Instead, I want to talk about why some people who work in much less technically vulnerable positions or are just using a computer purely for personal use may not want to update and even be somewhat justified in not doing so.

Just for starters, modern Windows has proven again, and again, and AGAIN that their updates can and will remove features or even break your system. And that's WINDOWS. That's supposed to be ONE OF THE MOST LOCKED DOWN PIECES OF SOFTWARE ON YOUR COMPUTER, PERIOD. Remember Gran Turismo 7? Day one update hamstrung gameplay progression and added microtransactions. Random BioShock Infinite update broke Linux compatibility to add some stupid launcher nobody asked for. Google Maps removed the ability in an update to see custom layers. Apple removed the infinite AirDrop time setting because the CCP told them to. All of this shit... Removed in updates. And we're not even getting into the much more plentiful instances of software updates just flat out breaking stuff.

So... Why don't people want to update? Not just because it can be annoying, but because we have been taught by most modern popular software to distrust updates and put them off when possible due to greed, shitty QA, and terrible management in some of these companies. Having said that though, there are exceptions of this as talked about above. If you're running a public server of any kind, updates are non-negotiable. If you're using computers of any kind for work, they have to be updated. If you're using computers in any kind of local, state, or national government work, they computers better be updated, yo. Beyond those three cases though, unless I'm forgetting a case, they aren't necessary and, depending on the company or group pushing the updates, they can in fact even regress the system.

But hey, don't believe me? Here's what global Information Security expert Mikko Hypponen said on Windows updates in an AMA session with him.

Arnox said:
Putting aside enterprise use completely, Microsoft has been absolutely banging on constantly about updates for home computers, basically saying that if you don't constantly keep your home computer updated with the latest security updates, your computer is going to get super mega hacked. And yet I and many others have kept their completely non-updated computers malware-free for over a decade through just simply good security practices.

What would be your opinion then on Windows updates and even running out-of-support Windows versions like Windows 7? Completely overblown danger for home users, or are we missing something here and Microsoft still has a point?
Mikko Hypponen said:
It largely depends on what you do on the machine. Obviously it's more important to update corporate servers that are exposed to the internet than a home machine which is largely inaccesible to outside attackers. The most common way a home machine gets hit is by users installing something bad (like a browser extension), or opening a bad document and Enabling Content (ie. running macros). Things like drive-by exploits from bad websites are not that common any more as browsers are getting better. Still, running outdated systems on the internet is not something I can recommend.