1) Windows update installed just security updates instead of potentially disruptive crap "features". The epitome of that, is of course forced update to Windows 10. Ads in Explorer is a close second. This would reduce the frequency of updates significantly as well, which would also help.
2) Windows update would use a sane default of not rebooting you while you are in the middle of something.
There's a setting that you can do where windows installs update in the background, with no user intervention, but IFF it doesn't require a reboot, and asks otherwise. But this setting requires Group Policy (or being part of a domain), so it's not available to non-Pro Windows customers (and it's a very esoteric option users won't know about anyway).
You can also reduce the frequency of updates with "install updates for windows only", but you can't really restrict yourself to only security updates (unless you run Windows 10 Enterprise LTSB edition, which you don't).
Actually the best thing for Windows, both usability and security wise would be to make Windows 10 Enterprise LTSB edition the version of Windows people use.
I am not sure that it's really feasible to decouple feature and security updates though. With Microsoft releasing two major feature updates a year, how many variations of this can they support if anyone along the way decides to freeze their current set of features and only get security updates for them?
Regardless, as a heavy Win10 user across several machines I've found the whole "disruptive" / "spyware" / "crapware" FUD being pushed by some HN posters to be way overblown. Yea, there have been a few annoyances such as the OneDrive ad that showed up a month or two ago, but these are all extremely minor compared to the mountains of advertising and tracking crap we get hit with every day from web sites, apps, and search engines.
> With Microsoft releasing two major feature updates a year, how many variations of this can they support if anyone along the way decides to freeze their current set of features and only get security updates for them?
As I said, it is totally feasible because Microsoft is already doing it with LTSB.
1) Windows update installed just security updates instead of potentially disruptive crap "features". The epitome of that, is of course forced update to Windows 10. Ads in Explorer is a close second. This would reduce the frequency of updates significantly as well, which would also help.
2) Windows update would use a sane default of not rebooting you while you are in the middle of something.
There's a setting that you can do where windows installs update in the background, with no user intervention, but IFF it doesn't require a reboot, and asks otherwise. But this setting requires Group Policy (or being part of a domain), so it's not available to non-Pro Windows customers (and it's a very esoteric option users won't know about anyway).
You can also reduce the frequency of updates with "install updates for windows only", but you can't really restrict yourself to only security updates (unless you run Windows 10 Enterprise LTSB edition, which you don't).
Actually the best thing for Windows, both usability and security wise would be to make Windows 10 Enterprise LTSB edition the version of Windows people use.