Why delaying software updates is a terrible idea

style-photography/Getty Images

When I grew up, we didn't have smart devices. TVs, bulbs, and even telephones were simple analog devices. If you'd told my grandmother that she had to update her TV or lightbulb, she'd have thought you were asking to buy a new, replacement device -- not download a software update.

But today, almost all electronic devices -- even those lightbulbs -- have a digital circuit at their core. And those digital circuits need to be upgraded to remain compatible with ecosystem changes and safe from hackers and attackers.

Also: The best VPN services (and how to choose the right one for you)

I've never met anyone who enjoys doing software updates. They take time. They often require a reboot, which might require applications to be relaunched. Sometimes, updates change the user interface. And sometimes, updates break everything.

Updates can also introduce incompatibilities or reduce owners' freedom to use their devices as they wish. A recent update from leading 3D printer maker Bambu Labs has had the 3D printing community in uproar because it locked down the printer to Bambu's own slicer (the app that makes 3D prints printable) and removed the freedom to run more popular and open-source slicers, effectively making the printer a proprietary, closed device.

So, with updates being mostly a pain in the gas, why run them? Why not just let things be? If it ain't broke, don't fix it, right?

Well, no -- and I'll explain why.

We're all connected

See, the thing is, we no longer live in an air-gapped ecosystem. Those TVs, lightbulbs, and telephones of our grandparents' era didn't connect to the internet because it didn't exist. That simple fact meant people couldn't connect to those devices.

The little 15-inch TV in my parents' bedroom was a standalone unit. The TV could pick up the three major New York City stations via its rabbit ear antennas, but that was it.

Also: What is vishing? Voice phishing is surging - expert tips on how to spot it

By contrast, the big-screen Roku my wife and I have in our family room is, fundamentally, a Linux machine. It has both an ethernet and Wi-Fi connection, it can be updated, run apps, and, yes, display ads. It's not really a TV. It doesn't connect to either over-the-air signals or a cable TV box. It's just an internet terminal whose primary purpose is to deliver car shows and British cozy mysteries to the big screen.

The same is true with everything in our house. The TV, our smartphones, our microwave, the clocks, the smart assistants, such as Alexa, the 30 computers, the 30 desktop fabrication and filming robots, the routers, the thermostat, our virtual reality headsets, my watch, our AirPods, all our cameras, our four NAS servers, and even my latest tripod all have processors at their core, and all demand regular updates.

These updates can be an epic annoyance. But you must run the updates.

This is David. Don't be like David

I didn't always follow the advice in this article. In fact, my working strategy for years was to avoid updates until there were one or two updates past whatever version I was running. I wanted to wait until all the bugs were ironed out. But then in 2014, and again in 2016, I learned a lesson.

In 2014, I was running a bunch of WordPress websites. I still do, but back then I didn't run regular updates. My wife was showing our business website to a Sam's Club clerk when setting up a business account when she discovered porn all over the site. Needless to say, you never really want to get a text like, "Our website has been hijacked by nasty porn."

Also: How AI will transform cybersecurity in 2025 - and supercharge cybercrime

I hadn't run updates. I figured the site was working, so why take a chance on breaking it? But one of the plugins had a vulnerability. Hackers found their way in. They planted malware on the site. I wound up having to dig through and clean up nearly the entire site. The process was very, very unpleasant and time-consuming. And, like I said, it was my fault.

Let's roll the calendar forward to 2016. I used my studio every week to give webcasts and they were a major part of how I made my living. The webcasts were scheduled live, with audiences online waiting for our program to begin. The webcasting team and I usually logged in about a half hour before showtime to get everything set up.

But, on a rainy April day in 2016, I couldn't access the webcasting software. I had clients and an audience (usually upwards of a thousand people) waiting. As it turned out, I hadn't updated the operating system on my studio machine. The device was old enough that Chrome suddenly wouldn't run. It was also old enough that Gmail and Google Calendar wouldn't run, even in Safari.

Google had updated all three tools. The updates removed support for the out-of-date OS I was running on the machine. So, even though everything had worked fine the day before, 30 minutes before showtime, I couldn't run anything.

Also: Why rebooting your phone daily is your best defense against zero-click attacks

Fortunately, I did have other up-to-date computers. After about 20 minutes of mad dashing and panicked messaging back and forth with my team, I got online with just a few minutes to spare.

Since then, I've been religious about running timely updates. Knock on wood, I haven't had any problems since.

What could possibly go wrong?

Those are just a few examples of what can happen if updates aren't applied regularly. Let's do a lightning round on some of the risks that can be prevented by practicing a good update regimen:

• Malware infections: This is the big one, and why you should update your browser and OS whenever you're told to. Hackers try to embed malware. They are constantly searching for exploits. Many exploits are years old and are blocked by the latest builds. Not updating makes you vulnerable.
• Internet connectivity risks: Hackers may cast a wide net or target you specifically. Security cameras are particularly vulnerable. Keep in mind that hackers aren't just financial criminals. Students and adults have been known to cyber-stalk by breaking through poorly updated routers to spy on unsuspecting people through their webcams.
• Property damage risk: Hackers who break through an un-updated router's protections could access your home heater or turn on a 3D printer. While very few fires have been caused by hacking, the possibility exists.
• Acting as a botnet node: One popular use of malware is to install botnet nodes on unsuspecting users' computers. Large botnets force multiply a hacker's reach, enabling distributed denial of service attacks or large-scale distributed decryption attempts. Hosting a bot can slow down your computer, clog your internet connection, get you banned from sites, and possibly cause your internet provider to shut you down.
• Compatibility issues: I'll bundle critical functionality loss, ecosystem change, and last-minute crises into this bullet. Updates maintain compatibility (unless they break it, as in the Bambu Labs example).

These are just a few examples of what could happen if you don't run your updates. I know updates are a pain and I feel your anguish. But just do them anyway. Trust me. One or two bad days will teach you the importance of doing regular updates. I told you my stories. Don't wake up one morning to a similar story of your own. Those were not good days.

What about you? Have you ever skipped an update and faced unexpected consequences? Do you wait before installing updates, or do you apply them right away? Have you ever had an update break something critical? What's your biggest frustration with software updates? Let us know in the comments below.

You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.