is it safe to update Windows 10

I manage a group of remote laptops that don't need any type of security and are designed to do only one function.  Upon hearing that the Meltdown/Spectre fixes from MSFT slows down PCs, I used various means in the group settings to stop any and all updates.  Basically the Windows Update appears, but then the user just minimizes it and does nothing with it.  As they are, the PCs function fine.  I don't know how long we can stall MSFT, but right now its working well. My question is this: have the Meltdown/Spectre updates been perfected at this point so that it does not interfere with the operation of the PC or slow it down? Any decrease in performance is unacceptable.  Thanks!
LEECHIPTURNERAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Unless these machines were running at 100% CPU 100% of the time, you won't notice a slowdown under normal usage (which is most laptops.)  Servers is another matter.

Further, I'd suggest that if these machines are on the internet at all then you should not stop updates.  Bad security impacts more than just you.  Botnets from infected machines are a worldwide menace and good security is a community effort.  If these machines are *NOT* on the internet then there is no reason to block updates, as they can't contact MS to download them.

The issue with meltdown/spectre is a hardware level issue.  So while software is "working around" the problem, short of replacing chips, any patch that addresses the issues will have a performance impact.  Note that there is a difference between saying a patch does cause a 5-10% decrease in performance and saying that it "slows down" a machine. If a machine sits idle 90% of the time, a 10% performance impact is literally imperceptible.

Ultimately these patches are out, they are not going to see significant improvement, and they should NOT be hidden. If every laptop needs that much performance then you may want to consider a high-end server and remote desktop or upgrading all the laptops or some similar.  Blocking security updates is simply not an acceptable solution in this day and age.
0
McKnifeCommented:
The updates are available for most systems with the following CPU series: skylake, kabylake and coffee lake. Find your series like this: google your processor ID (example: i5 4570 will lead you to https://ark.intel.com/products/75043/Intel-Core-i5-4570-Processor-6M-Cache-up-to-3_60-GHz and the second line tells you the code name (in this example: "haswell")

If you have these series, you can download microsode updates for 1709 from here:  https://www.catalog.update.microsoft.com/Search.aspx?q=KB4090007
--
Will they slow down your PC? Measure it for yourself. Most people will not even notice. You can disable the spectre 2 update using registry keys if you notice a significant decrease.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
You should do the updates. We have not seen any impact on Workstations. Even our Servers are running normally.

Also check for BIOS, Chipset and Video updates on workstations as well.

Nothing gained in turning updates off.
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

LEECHIPTURNERAuthor Commented:
Thanks to all for the quick replies.  McKnife, is there a URL explaining the steps to disabling Spectre 2 update?
0
JohnBusiness Consultant (Owner)Commented:
You need to patch your systems and not disable the Spectre 2 update
0
McKnifeCommented:
https://support.microsoft.com/en-us/help/4073119 is the documentation. You'll find a section "Switch | Registry Settings" where you can find a registry key that will let you disable the update on demand.
0
LEECHIPTURNERAuthor Commented:
Thanks!  Going to update one laptop and see if our proprietary app fails.
0
JohnBusiness Consultant (Owner)Commented:
Thanks for the update
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.