First thing I do after installing Windows 10 and updating once is disabling "automatic update" service because it's annoying.. After then , feel free to check Microsoft catalog website time to time for installing updates you wish or download cumulative updates time to time.

Thanks for being on the same internet as me. :(

Seriously - this isn't a matter of personal choice, freedom or any of that malarkey. This is basic social responsibility. Putting your computer on the internet is the equivalent of moving in next door to other people; if you move in next door to others and you fail in your basic social responsibilities you don't get to whinge about "wahh wahh personal choice, freedom, etc".

Now there's no doubt that Microsoft have badly screwed up their whole updating infrastructure sometime in the timeframe after Windows 7 SP1, but that doesn't excuse people abdicating their own personal responsibilities.

Then hope you won't be terrified to hear that I also disable Windows defender and don't use any anti-malware / anti-virus at all. (Latest incident is an extreme exception of Ransomware SDK proudly presented by NSA)

As long as Windows 10 doesn't give me an option to only install updates I want and when I want, I have no other choice. (Thing is Windows 10 Enterprise Edition has that option but bingo it's not available if you're not an enterprise) From privacy concern, I'm not big fan of telemetry updates or from annoyance concerns, I'm not big fan of Windows getting rid of all of my customizations each time. ( I don't even mention failed downloads, downloading gigabytes of data over and over, installing faulty drivers again and again )

I simply offer an alternative provided by Microsoft instead of "fire and forget" thing.

As far as "Social Responsibility" goes - Failure to ensure your system is patched and up to date on security fixes is about the same level as actively launching bot-nets and the like targeting those un-patched systems in my view. Sure, you're not deliberately engaging in it, but you're deliberately not taking efforts to restrict the pool of target systems used by said bot-nets...

Being the host to an unknown exploit is one thing, but allowing your system to remain connected to the internet without patching against known ones? Well, you're kind of actively making yourself part of the overall problem in that case.

Kind of related to the "Free Will!" argument of anti-vaxers, and their willful disregard of how herd-immunity functions. Want to take you and your family, and like minded families, and isolated yourself from the rest of society while not vaccinating? Go for it. Just keep away from the rest of us and our loved ones who, for whatever reasons, aren't fully protected.

If we're comparing with objects that can be used as weapons, it's more akin to leaving your car unlocked, or owning an old 80's car that can be broken into and stolen in about 30 seconds flat...

Interestingly, in the state to my north, the former actually is legislated against, while the latter is not.
It's actually a good comparison to think on. * It's alao the law here that guns must be locked in a safe, and people generally think that law is a good idea.
* it's the law here that cars must be kept locked, and people genrally think thats ridiculous "nanny state" bullshit.
* in this thread we're pondering whether computer should have adequate locks (keeping up to date with patches) and some argue it's a civic duty while others laugh at such a notion.

Is it because the gun will do harm, the car may do harm, and the computer may do virtual harm?

If my PC is doing bad stuff on the internet, my ISP has the right to cut me off. It's in the contract with them. If they think I'm DDOSing or sending out malware, they can do that. Hell I could plug in an army of IoT Linux machines and go post the root passwords over the internet - that's a step beyond being un-patched - and then my ISP has the right to cut me off if/when things get out of hand.

Herd immunity is important in humans because not every is able to be vaccinated and they're not 100% effective. The non-immune are protected by the immune herd.

With computer exploits, your patch is 100% effective so you don't need an immune herd to protect yourself from infection. What you do want an immune herd for is so you don't have to see the symptoms, such as your favourite site getting DDOSed.

DDOSing happens with and without botnets though - some are organised attacks among protestors and trolls, rather than criminal masterminding. So for that particular syptom, we should actually be addressing the behaviour itself - and that's regardless of whether you think it's your civic duty to cede control of your PC to a corporation or not. Any decent hosting company will have infrastructure in place to handle this, but is it a problem at the protocol level? Can a host send messages back down the tubes to your ISP and then your PC requesting a particular bandwith limit to their IP (and can each point along the chain start dropping packets from clients who aren't obeying the request)? Something like that would let a server declare to your ISP that it's under load, so please ask your users to throttle their requests, and if they don't, please drop all their requests. It seems like the modern adversarial internet really needs protocols along these lines.

Likewise, I don't know about you guys but here it's mandatory for my ISP to open/read/record all of my packets so that the NSA and friends can keep us safe. If they're going to go to all that trouble, why not add some heuristic scanners in the mix and start automatically flagging people who are sending NSA-developed exploit packets out into the internet and cut them off... Or better, drop their malware packets and then use this NSA exploit to gain access to their PC and clean up their malware for them :lol: