Which of the following is not a recommended strategy for securing an Operating System?

Question $4$ options:

Patches and updates released by the OS vendor should be delayed until any potential compromises have been evaluated.

The amount of unutilized services, software, and processes should be reduced or eliminated.

The configuration of all services and software should be highly secured while providing access to resources.

Information about the systems' identity, services, and capabilities should be minimized.