Your Windows Update settings are first chosen when Windows 7 is installed on your PC: the "Recommended Settings", generally picked by default by major computer manufacturers, make Windows automatically check for recommended and critical updates, automatically download them, and automatically install them. This is why you'll sometimes find that your computer has restarted itself during the night, or while you were away. This tutorial explains how to edit these settings, balancing both convenience and security for your operating system. We'll show you how to configure Windows Update and Microsoft Update to include or exclude patches beyond the "important updates" that include Windows service packs, improvements to MS Office (new junk mail lists for Outlook's spam filter), etc.
Quick Steps to edit your Windows Update settings in Windows 7:
FYI - before starting, know that there are two types of updates for Windows: regular updates, on the second Tuesday of the month ("Patch Tuesday"), include non-critical security fixes and stability updates for the OS. At any time, Microsoft can also release so-called "critical updates": these protect Windows from newly discovered vulnerabilities that could compromise your machine, steal your data, etc. That's why you should pick a setting that will at least let you know about updates, so that you can make an informed choice. Here's what the notification area message looks like:
Click on the start button and type "windows update" (singular) in the search field. Click on the first result at the top, under "Programs", and the update summary screen will open in the Control Panel.
You'll get a summary of the currently available important updates and optional updates. Clicking on each of those links lets you select (or exclude) the available patches and software upgrades. If no "Install Updates" button is visible, no updates are available and/or selected:
Tip: when the border is orange (as visible above), one or more non-critical updates are available. When your computer is up-to-date, the border will be green, as shown on the screenshot below. And the border will be red when critical updates need to be installed (notice the different icon, too). Tip # 2: for quick access to Windows Update, you can pin it to the taskbar, like a regular program.
In that same Control Panel screen, click on the "Change settings" link on the left (the "View update history" link below it lets you see a breakdown of installed updates, chronologically). The "Check for updates" link above it will send profile information from your computer to Microsoft's servers, to determine which optional and critical patches, if any, need to be installed on your machine. By default, that periodic check should happen automatically, and you should get a notice when updates are about to be installed, or have finished installing. Nearly every important and critical update requires a reboot.
The first option controls how "Important Updates" should be delivered: the default, recommended, and safest setting, is to keep the "Install updates automatically" choice in the dropdown. Unless you change the day and time from the secondary dropdowns, Windows 7 will install new updates every day at 3am, assuming that there are any. With this setup, Windows periodically checks for available updates on Microsoft's servers in the background, while the computer is turned on and not asleep:
Here are a couple of other settings: as often, the safest option is the least convenient.
Annoyance # 1: unlike its predecessors, Windows 7 is pretty good at restoring files and documents closed by a system reboot. MS Paint files will be recovered, web browser tabs will be restored (or you'll get a message like "Your last browsing session closed unexpectedly", which lets you re-open them), etc. But some files, most notably unsaved text documents, will be lost for good - completely irrecoverable, in other words.
Annoyance # 2: with the default setting, Windows 7 will install the updates and keep reminding you that you need to restart your computer, giving you one ultimatum after another (with a maximum grace period of 4 hours), and will ultimately reboot, whether you like it or not. And these forced restarts always seem to come at the worst possible time - lots of programs open, and lots of things to do! When you see a bubble message from the notification area, like the one above, saying "These updates will be installed the next time you shut down your computer or at [specific date]. Installing updates might cause your computer to restart, so please save your work" - you'll know that a computer restart is unavoidable.
You can avoid that kind of situation with the second setting, which lets you download the updates, but instructs Windows 7 NOT to install them until you give it the go-ahead. Pick "Download updates but let me choose whether to install them" from the dropdown menu under Important Updates. With that option, you'll get the system tray reminder shown earlier, telling you that new updates are available, but leaving you in control - no more catastrophic reboots to deal with!
Important: some patches may be critical, so you have to pay attention to the update messages Windows 7 gives you. The critical updates are in fact critical, and designed in many cases to prevent a newly discovered virus from compromising your computer - don't become complacent.
Don't pick the setting called "Check for updates but let me choose whether to download and install them". Here's why: when you are ready to install the updates (when you know that you won't need to use your PC during a break, for example), you'll also have to wait for the download to complete, not just the installation. And Windows Update may download a large file, or a bunch of smaller ones (especially on Patch Tuesday!). That could force you to postpone the update, or corner you with an untimely reboot request - what we wanted to avoid in the first place. With the previous setting, updates are seamlessly downloaded (really) - and they're ready when you click Install!
You should not pick that setting under any circumstance: even if that particular machine never goes online, it may access your local network, you could transfer files from a flash / USB drive or other external device, etc. An infected file on this machine could create problems elsewhere. Likewise, you should not run Windows 7 without antivirus protection, even if the machine is always offline (cost is no longer an argument, with free, quality software like Microsoft Security Essentials or Avast).
FYI: another nice side-effect of not installing updates automatically or right after they've been released is that, as long as it's not absolutely critical, it gives you a few days to wait and see if those patches cause Windows 7 boxes to become unbootable or create any other type of problem.
The next options let you control security and updates deemed "non-important" - it doesn't mean that they don't matter, just that they aren't critical. If you get the offer to upgrade Windows Update to the "Microsoft Update" feature, take it: it will allow the Control Panel to deliver updates for other Microsoft software on your computer, not just Windows 7 itself. Here's an example of an optional one designed to update Security Essentials' virus definition file (which you can do manually) - definitely important!
If the "Give me recommended updates the same way I receive important updates" checkbox is checked, Windows Update will include non-critical patches in the list of "important updates", so you'll end up getting them automatically when you click "Install" - no need to install them separately.
The "Allow all users to install updates on this computer" feature is enabled by default. Whether you keep that option is a judgement call: in the absolute, your machines will be safer if you don't need to be an administrator (or know its password) to be able to keep PCs up-to-date. On the other hand, that removes control over which updates you decide to install, and how soon. (That doesn't matter on a professionally managed corporate network, where you can set company-wide policies for Windows, but it does in a home office setup.) Take your pick, keeping in mind that the default is more secure.
As mentioned earlier, it's easier to get all your updates in one place: keep the "Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows" checkbox checked to know when (if?) Microsoft ever releases an upgrade or an overdue new version of, say, Windows Live Mail (a free email program you'll need, since Windows 7 doesn't include one!)
Checked by default, "Show me detailed notifications when new Microsoft software is available" makes any Microsoft product tell you when a new version has been released, even if automatic updating is turned off in Windows Update. It doesn't download anything, it just informs you about the new release. If you don't want to know about new versions, uncheck that checkbox. You can still view these upgrades in the Control Panel if the previous option ("Microsoft Update") is enabled:
Tip: regardless of your Windows update settings, you'll still get notices from third-party software that doesn't upgrade itself through that channel. That most notably includes the Acrobat PDF Reader, the Flash player, Java, etc. The only upgrades you get through Windows are patches, drivers, and other Microsoft software like the Windows Live suite or Microsoft Security Essentials / Windows Defender.
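To confirm which of the settings described in this tutorial are actually in effect on a machine, here is a read-only PowerShell check, added as an example and not part of the original tutorial. It uses the Windows Update Agent COM objects (Microsoft.Update.AutoUpdate and Microsoft.Update.ServiceManager); the output field names and the mapping of properties to checkboxes in the comments are this example's own.

```powershell
# Added example: read-only audit of the Windows Update settings. Changes nothing.
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings

# NotificationLevel values and the matching "Important updates" dropdown entries
$levels = @{
    0 = 'Not configured'
    1 = 'Never check for updates'
    2 = 'Check for updates but let me choose whether to download and install them'
    3 = 'Download updates but let me choose whether to install them'
    4 = 'Install updates automatically'
}

# ScheduledInstallationDay: 0 = every day, 1..7 = Sunday..Saturday
$days = 'Every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

# Microsoft Update shows up as an additional registered update service
$muId     = '7971f918-a847-4430-9279-4a52d1efe18d'   # Microsoft Update service ID
$services = (New-Object -ComObject Microsoft.Update.ServiceManager).Services
$muOn     = [bool]($services | Where-Object { $_.ServiceID -eq $muId })

$level = [int]$au.NotificationLevel

# New-Object PSObject keeps this compatible with the PowerShell 2.0 shipped in Windows 7
$report = New-Object PSObject -Property @{
    ImportantUpdates      = $levels[$level]
    InstallDay            = $days[[int]$au.ScheduledInstallationDay]
    InstallTime           = '{0:00}:00' -f [int]$au.ScheduledInstallationTime
    RecommendedLikeImportant = $au.IncludeRecommendedUpdates   # "Give me recommended updates..."
    AllUsersCanInstall    = $au.NonAdministratorsElevated      # "Allow all users to install..."
    MicrosoftUpdate       = $muOn                              # updates for other Microsoft products
}
$report | Select-Object ImportantUpdates, InstallDay, InstallTime,
    RecommendedLikeImportant, AllUsersCanInstall, MicrosoftUpdate | Format-List

# Flag the configurations the tutorial advises against
switch ($level) {
    1 { Write-Warning 'Windows never checks for updates: no patches are fetched at all.' }
    2 { Write-Warning 'Updates are not pre-downloaded: installs wait on the download.' }
}
if (-not $muOn) {
    Write-Warning 'Microsoft Update is off: only Windows itself receives updates.'
}
```

InstallDay and InstallTime only apply when ImportantUpdates reports "Install updates automatically"; with the tutorial's defaults they read "Every day" and "03:00".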