
Windows 10 PCs don't update or restart arbitrarily if they're managed with Group Policy.

Which is fine for enterprise-sized organisations. As I've acknowledged elsewhere, Windows 10 Enterprise is basically a different product. However, your average office with half a dozen staff isn't using those kinds of tools, and very possibly doesn't want that level of extra hassle to run a handful of machines they use. Lots of SMEs even at somewhat larger sizes don't have full-time sysadmins.

The bottom line is that this is a problem we simply didn't have before. With 7, we could just have someone check out the information on new security updates and push round the list of what to do this month for everyone else to use. These days it's even easier, because you just look at the monthly security-only roll-up, and usually everyone will then just deploy it immediately (or not, if they've screwed something up; we're actually looking into the current situation regarding Spectre/Meltdown mitigation right now).

Given that Microsoft themselves apparently feel that it's OK to wait up to a month before rolling out most security updates, it's certainly reasonable for users to hold off deploying them for long enough to do their homework if anything looks questionable.

Having all of your data leaked online by a malicious actor or losing it all to ransomware are both far worse than the worst thing a botched patch has ever done. Losing some productivity sucks; getting pwned can end your business.

Again, that's a judgement call.

We've never been compromised or leaked personal data, and more importantly, we have other security measures apart from Windows updates to help ensure that that remains the case. Real world security is still about risk management and layered defences, just as it always has been.

Ransomware is countered by any competent backup strategy. On the other hand, for a small business, the downtime from even a small number of PCs becoming unusable can be crippling.

People keep telling me about these bogeymen that will kill my businesses if we don't have security updates installed immediately, but as I mentioned before, it is a matter of objective fact that Microsoft's botched updates have caused us far more harm over the years than external attackers have ever managed. The risk analysis comparing installing all updates whether we want them or not vs. installing no updates at all is very clear, so if those are the options and we're not willing to risk having no updates, evidently Win10 is not a viable platform for us right now.

The actual contents of the basic level telemetry aren't that bad.

Being punched in the face isn't that bad, compared to being shot through the heart. It's still not desirable.

In any case, it doesn't matter. Any mechanism for exfiltrating data that we can't control in advance is a concern for confidentiality agreements and/or regulatory compliance. We have faced the same concern with other software that presumes to update itself: Browsers have always been a bit of a pain in that respect, since obviously they do need Internet connections to unknown servers to do their job, but at least there are clear privacy statements from the main browser developers about what they upload and how to turn off anything potentially dangerous, and the development is relatively "in the open" in terms of what will be in future versions so the risk of anything shady sneaking in is low. None of this is true of Windows 10.

This is also why firewalling the Win10 telemetry isn't an acceptable solution, even with the forthcoming diagnostics viewer. If you know in advance everything that could be uploaded automatically then you can firewall it, but since Windows 10 can update itself as well, you can't reliably know what's going to happen in advance because Microsoft can move the goalposts any time they want. And again, given their recent track record with pushing updates that are user-hostile and in their own interests, it's not credible to argue that they would never abuse that access. The risk assessment just doesn't add up.

I certainly wouldn't blame someone for having held off so far while Microsoft shuffles through the rocky early issues they have with every OS (they had them with Windows 7 as well). But that's because we still have two years of security updates left. ...If you're still planning on being there in two years, then I'd have serious questions.

We'll cross that bridge when we come to it. Our working assumption is that Microsoft will probably give ground by that point. Windows 10 adoption levels are terrible for a platform they have pushed as hard as they have. Enterprise users are probably OK and many home users will put up with almost incredible amounts of abuse before they actually do anything (see also: smartphones, social networks, etc.) so Microsoft can probably just wait it out on those fronts. However, we expect that they simply can't afford another Vista/XP situation with 10/7 and the SME and power user markets who can and will make other choices.

Of course, if MS don't change course on issues like telemetry and forced updates, we're already moving to other platforms for new systems anyway since you can't buy pre-10 Windows boxes any more, and we'll take a view on what to do with any Win7 systems still in service if and when the axe falls. But as you say, that's a couple of years away yet.
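The thread turns on whether a PC's update, restart and telemetry behaviour is actually policy-managed. The following PowerShell audit is an added example, not code from anyone in this thread: it reads the registry locations that Windows Update and telemetry Group Policy settings are written to and reports what is set, so a small office without a sysadmin can see whether a given machine is under policy at all. It assumes a local run with rights to read HKLM; the key and value names are the documented policy locations, the interpretation strings are ours.

```powershell
# Added example, not from the thread: audits the Windows Update and telemetry
# policy values that Group Policy writes under HKLM\SOFTWARE\Policies.
# Assumes local read access to HKLM. A value of $null means "not set by policy",
# i.e. the machine follows Microsoft's default update/restart behaviour.

$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$dc = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent (no policy applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Meaning of the AUOptions policy value (Configure Automatic Updates).
$auOptionsText = @{
    2 = 'notify before download'
    3 = 'auto download, notify before install'
    4 = 'auto download, install on schedule'
    5 = 'local admin chooses setting'
}
# Meaning of the AllowTelemetry policy value; 0 is only honoured on Enterprise/Education/Server.
$telemetryText = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

$report = [ordered]@{
    'NoAutoUpdate (1 = disabled)'      = Get-PolicyValue $au 'NoAutoUpdate'
    'AUOptions'                        = Get-PolicyValue $au 'AUOptions'
    'NoAutoRebootWithLoggedOnUsers'    = Get-PolicyValue $au 'NoAutoRebootWithLoggedOnUsers'
    'DeferQualityUpdatesPeriodInDays'  = Get-PolicyValue $wu 'DeferQualityUpdatesPeriodInDays'
    'DeferFeatureUpdatesPeriodInDays'  = Get-PolicyValue $wu 'DeferFeatureUpdatesPeriodInDays'
    'AllowTelemetry'                   = Get-PolicyValue $dc 'AllowTelemetry'
}

foreach ($k in $report.Keys) {
    $v = $report[$k]
    $text = if ($null -eq $v) { 'not set by policy (Windows default applies)' } else { "$v" }
    if ($k -eq 'AUOptions' -and $null -ne $v -and $auOptionsText.ContainsKey([int]$v)) {
        $text = "$v ($($auOptionsText[[int]$v]))"
    }
    if ($k -eq 'AllowTelemetry' -and $null -ne $v -and $telemetryText.ContainsKey([int]$v)) {
        $text = "$v ($($telemetryText[[int]$v]))"
    }
    '{0,-32} : {1}' -f $k, $text
}

# If every value is unset, nothing here is policy-managed.
$managed = @($report.Values | Where-Object { $null -ne $_ }).Count -gt 0
"Update/telemetry behaviour policy-managed on this PC: $managed"
```

Run it in an elevated PowerShell on the machine in question; on a standalone PC that has never had these policies applied, every row should read "not set by policy".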
