Why not? I also used to boast about the fact that I never ran AV all those years, and other than getting one trojan, never had a problem (While I'm sure if I had run AV, I would have had a ton of problems...caused by the AV).

Of course, I can't boast about AV now.....now that I'm a Linux-only user- as it'd be like an Ethiopian boasting that he's not fat!

But as for the upgrades, I just like the idea that when something works good, why change it? I like something that I can put on my disk and leave it for years. If I like the way it works when I install it, unless it needs a new codec or some such thing to sync with some new technology....I just let it be.

It always seemed like the people whom I knew who did all the updates, and ran all the AV, were always the ones having problems and getting viruses. Not doing updates and not using AV, etc. has worked well for me for 15 years now- I likely won't change that behavior until and if I start having problems. Then again, it could just be that the kind of websites I visit are not likely to be ones which contain malicious things..... but either way, it seems to me avoiding updates helps keep one's system stable.

I'm actually planning on doing just that. Ostensibly, just as a learning experience- but if I can get it to work, and live with such things as manually having to install dependencies [that is, if I can figure out how to do it] who knows, it may just become a keeper!

How did you know without scanning the system? You realize that most malware acts in hidden ways on your computer, they show no dialogs stating "Here I am, your system is compromised!"?

Because you have not fixed any security hole on your system, making it wide open to every script kiddie out there. It is OK if you don't care about the security of your systems, but we care about the security of our systems and if one of our machines is attacked by a botnet your system is part of that is not OK. Or even simpler, I don't like to receive spam mail, also often sent from compromised systems.
That is the same as saying "I don't watch the news, this makes the world a better place because I don't notice all the bad things that happen.". It is not that the people you mention here had more problems than you, they just noticed that they had problems, made possible because an AV warned them about it.
That is also the same as saying "I never used a seatbelt in my car and never did anything happen, so I will continue to not wear a seatbelt."

'Cause funny things started happening....so then I ran an online scan; found the trojan and removed it.



Hardly. It seems to me, that most consumer Windows users DO all the upgrades. I think the scammers/exploiters tune their tactics to work with current systems, rather than searching for the odd person like myself who hasn't updated.

Hey, it was always my neighbors/friends/relatives who regularly updated and did things "by the book" who, even though they didn't visit sites likely to contain the naughty stuff, had endless problems, which they were always me to help them fix. (One of the best things abouit switching to Linux: Any time a Windows user now asks for help, I can plead ignorance, as I haven't used Windows in years...have never even seen Win7 or 8).

With a seatbelt, I lose nothing (except my right to make my own choices) and ensure some protection...with system updates, I have not seen any detriment from not doing them, but I have seen the people who do do them suffer the very symptoms which the updates were supposed to prevent.(Think "Norton". When I used Windows, I'd much rather take my chances on getting a virus, than endure the never ending problems created by trying to prevent them...)

I run Slackware and I install the security updates whenever I get the email. I check for updates weekly regardless, just in case I miss an email.

So again, how did you know that your system was not compromised when you did not scan it regularly? As I stated above, malware does not mean at all that your system has to malfunction in any way. In fact, most of the time it is the aim the malware not to be detected.
By the way, trojans are always installed by the user and have nothing at all to do with updating the system or its security measures. Of course you would have been warned by an AV before you had installed the trojan and compromised your system.
Nobody is actively searching for anyone. Those infections are all automated drive-by infections.
I help other people with Windows systems, too, and I outright refuse to help anyone that thinks having an AV or installing security updates would be a bad idea. Those people that I do help have in 99% of the time problems that they have caused themselves, not an update or an AV program.
Again, if you like to be in constant danger to have a compromised system that probably even is involved in criminal acts that is up to you. But there are detriments from that, mainly for other people that are bothered by compromised systems doing DDOS or brute force attacks on other people's systems, or just spam the email accounts of them. Like you are responsible for your car not endangering other people you are also responsible for your computer not endangering other systems.

So your excuse for having an insecure system is "Back in the time there was this really crappy software"? IIRC, there were always more than one AV solution.

Anyways, there is not much to argue about, it is a fact that not installing updates is very bad behavior and security wise. I can understand that you want to have a stable system that doesn't change. But that doesn't mean at all that you should neglect security updates. There are distributions out there that give you exactly that, like Debian, Slackware or the distros from the RHEL family (except Fedora, of course), a stable system that gets security updates. Use them, but do the updates.

I update every night before I go to bed Pacman -Syu is the last thing I type every day.

In all fairness to Windows, which I loathe more each day, I have never had a Windows update break anything even back to my Win98 days before the updates were automated. My girlfriend, though, had an IE update break her access to the Outlook web interface for her employer and had to roll it back, which she figured out to do quite on her own (good for her!).

The update reboots are annoying, though. The last time I booted over into Windows after about a month of not using it, I had to reboot four times before everything settled down and I could actually get anything done.

My Debian based installs have security updates set to automatic so they download and install in the background. All other updates are presented with update notifier and I install them when I am not doing anything of worth.

To those who think Windows updates don't break things think again. I saw it happen on my fathers old Acer Aspire laptop. The update come through and the thing wouldn't boot normally. Boot it up through the troubleshooter and find the update brought through a new version of a hdd driver. Revert back to the old driver, reboot into windows normally and instantly it updated the driver. After a week my father said install Ubuntu if you think it will stop this. I installed Ubuntu and he never had trouble again (I must admit I kept him on the LTS releases 8.04 and 10.04).

About every week I check and install the security updates on my slackware.

Even a broke watch is correct twice a day.

I think that security updates in-particular should be installed as soon as they come out.

That being said, you must also "practice safe computing." In the end, security is a process, not a product, and it altogether depends on the good security practices of the owners of the machine, as has been discussed-to-death here and elsewhere.

For example: let's start with a VPN-capable hardware router, properly configured with digital certificates (no passwords = PSKs!), with up-to-date firmware, configured to be the only possible way to obtain an inbound connection ... through a firewall that further screens the connection-attempts that (somehow) make it through the VPN. Which leads to an internal network that is 100% wired, not wireless. "Things like that." 99.99% of all computers out there are not like that, however.

Fundamentally, computer exploits are "crimes of opportunity." And, "anti-virus software is basically worthless." The best that AV can do is to tell you that someone has already broken into your barn and stolen your prize race-horses. Which is not the point. . .

I update my system everytime I install a new program, outside of that, once a week or two. I use Arch and haven't had an issue with doing it that way.

I would reccomend that you regularly install your security updates for your distro. Just because software is old, doesn't mean it doesn't have vulnerabilities. On the other hand, just because its new, doesn't necessarily mean its better, but it should have atleast patched a hole or two from the old version. That is the purpose of the stable branch in distro's.

I update my systems every day -- well, every day I boot them anyhow. I run Debian Sid though so there's always some update or other for my systems.
I've seen a few Windows updates break things in minor and not-so minor ways but, then, I've seen some Ubuntu updates do the same and many Sid updates that could...

KDE lets me know plus could automate...