basic - continued - automatic updates

TSmith valhalla2100 at
Mon Feb 8 02:39:09 UTC 2010

Rashkae wrote:
> Odd wrote:
>> That is true, but at least a rootkit can't be installed. Anyway, I suppose
>> we'll need antivirus on Linux too, if regular users without the technical
>> knowhow starts using it in large numbers.
> The concept of anti-virus, and even anti-rootkit is badly broken.  I 
> know it's the best defence we can provide on Windows, where Users have 
> to be afraid of clicking on e-mail for $DEITY's sake, but the idea that 
> the only future for computer security is a perpetually infinitely 
> growing blacklist depresses me.
> Security in Linux is a matter of being vigilant about relevant updates 
> to exposed systems and pipelining as much software installation as 
> possible through trusted repositories.  Yes, the repository can be 
> compromised, but I doubt anti-virus will really help here.  If someone 
> had the rare chance to infect a trusted repo, they would probably take 
> the time to craft/find an hereonto unknown infection agent.  Same goes 
> for significant zero day security exploits (which strangely enough, seem 
> to be very rare in open source software.)
> Having to rely on the blacklist software, even as a feel good safety 
> blanket, means your security measures have already failed, badly.  Take 
> for example the recent teacup storm about .Desktop files.  It took 
> someone to actually create and publicize a proof of concept to get 
> attention to the issue, but sure enough, next version of Gnome to 
> release no longer executes commands at a click unless the file was given 
> Unix execute permission, (which won't happen from, say, an e-mail 
> attachment.)
> Compare that to Windows.  It took Microsoft over 10 years, 10 years! 
> before they finally admit that Autorun of executable code on media was 
> maybe not such a great idea. (Just when you though traditional virii for 
> computers were extinct with the obsolescence of boot floppies, they were 
> given new life from this vector alone!)  of course, people have been 
> saying that since Window 95 first introduced the 'feature.', but it took 
> until some of their big government and corporate clients actually had 
> their networks p0wned before they could be assed to admit it.  If you 
> ever want an example about how serious MS is about security, and why you 
> need two - three layers of memory hogging software protection to even 
> think of using a windows workstation with access to a public network 
> (ie, Internet), there is a great one.
> And then there's Adobe,,,, if there's a company in my mind with a recent 
> track history of being even more criminally negligent with the security 
> of 90%+ computers in the word than MS, it's Adobe,,, but this rant is 
> long enough already.

I got updated from 9.04 to 9.10 without wanting to go. This happen
when 9.10 was not ready for use. I later got a new copy of a Linux
magazine and started over with a new hard disk. Everything works
now. I have rejected updates. My update list states over 100 update
files to be install. Is it worse to avoid risking repeat problems than to
allow the updates?


More information about the ubuntu-users mailing list