basic - continued - automatic updates
TSmith
valhalla2100 at comcast.net
Mon Feb 8 02:39:09 UTC 2010
Rashkae wrote:
> Odd wrote:
>
>> That is true, but at least a rootkit can't be installed. Anyway, I suppose
>> we'll need antivirus on Linux too, if regular users without the technical
>> knowhow start using it in large numbers.
>
> The concept of anti-virus, and even anti-rootkit is badly broken. I
> know it's the best defence we can provide on Windows, where Users have
> to be afraid of clicking on e-mail for $DEITY's sake, but the idea that
> the only future for computer security is a perpetually infinitely
> growing blacklist depresses me.
>
> Security in Linux is a matter of being vigilant about relevant updates
> to exposed systems and pipelining as much software installation as
> possible through trusted repositories. Yes, the repository can be
> compromised, but I doubt anti-virus will really help here. If someone
> had the rare chance to infect a trusted repo, they would probably take
> the time to craft/find a hitherto unknown infection agent. Same goes
> for significant zero day security exploits (which strangely enough, seem
> to be very rare in open source software.)
>
> Having to rely on the blacklist software, even as a feel good safety
> blanket, means your security measures have already failed, badly. Take
> for example the recent teacup storm about .desktop files. It took
> someone to actually create and publicize a proof of concept to get
> attention to the issue, but sure enough, next version of Gnome to
> release no longer executes commands at a click unless the file was given
> Unix execute permission, (which won't happen from, say, an e-mail
> attachment.)
>
> Compare that to Windows. It took Microsoft over 10 years, 10 years!
> before they finally admitted that Autorun of executable code on media was
> maybe not such a great idea. (Just when you thought traditional virii for
> computers were extinct with the obsolescence of boot floppies, they were
> given new life from this vector alone!) Of course, people have been
> saying that since Windows 95 first introduced the 'feature', but it took
> until some of their big government and corporate clients actually had
> their networks p0wned before they could be assed to admit it. If you
> ever want an example about how serious MS is about security, and why you
> need two - three layers of memory hogging software protection to even
> think of using a Windows workstation with access to a public network
> (i.e., Internet), there is a great one.
>
> And then there's Adobe... if there's a company in my mind with a recent
> track history of being even more criminally negligent with the security
> of 90%+ computers in the world than MS, it's Adobe... but this rant is
> long enough already.

I got updated from 9.04 to 9.10 without wanting to go. This happened
when 9.10 was not ready for use. I later got a new copy of a Linux
magazine and started over with a new hard disk. Everything works
now. I have rejected updates. My update list states over 100 update
files to be installed. Is it worse to avoid risking repeat problems than to
allow the updates?

Thomas