Infection

M$ reports that 5% of PCs running that other OS are infected. M$ found 70% of the infected machines had an exploit of Java running. That information could be interpreted in different ways. Since the vulnerabilities were patched years ago, I think M$ is at fault for producing a system where an ordinary person has to be a system administrator for ever more complex computer systems. It does not happen. People may turn on “autoupdate” but on that other OS that does nothing for Java and other applications that may develop exploits.

see Network World

GNU/Linux on the other hand has package management that covers the operating system, the utilities, the libraries, configurations and applications. Everything gets updated to the latest security patches with a few clicks or periodically if that option is chosen. It’s just a better way to do IT.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

23 Responses to Infection

  1. Linux Apostate says:

    A virtual machine would be about the only place I’d be willing to test it, based on past experience. Another option is to create a chroot, this has a lower overhead than a VM.

  2. APT takes care of lots of problems and if there is a conflict, one can always run the “foreign” app in a virtual machine installed with a minimal OS with the necessary dependencies.

  3. Linux Apostate says:

    Have you tried using the experimental version? Have the shared library conflicts with stable been resolved yet?

  4. Iceweasel has security-updates and if you want a more current version you can use testing or experimental versions. APT is so selective you can ask for a particular version.
    Package iceweasel
    experimental (web): Web browser based on Firefox
    4.0.1-2: amd64 armel i386 ia64 mips mipsel powerpc s390 sparc
    4.0-3: alpha kfreebsd-amd64 kfreebsd-i386

  5. Linux Apostate says:

    “Windows has no actual concept of package management”

    Ahem… Add/Remove Programs? .MSI packages? “Advertised Programs” in an Active Directory environment? Though what I’m really talking about here is Windows Update which does exactly the same job as APT in a typical configuration, namely updating the base system. WU can’t be relied on to update anything else – same with APT.

    “Well, that’s your problem, not Debian’s and not Mozilla’s, if you knowingly stepped outside APT simply because you wanted a branded browser.”

    No, I wanted an up-to-date browser. Debian stable’s version of Firefox is 3.5.16:

    http://packages.debian.org/squeeze/iceweasel

    Up-to-date browser? YouDontNeedThat(TM). I notice that 4.0.1 is available if I use Debian “experimental”, but last time I tried to import official but “experimental” packages into Debian stable, the library conflicts made a hell of a mess. Try it if you want, but backup first, because you’ll probably have to reinstall unrelated things, or even dist-upgrade to experimental (which will then spam you with hundreds of megabytes of updates each week). In short, I conclude that it is simply not worth managing this particular program through APT. When installed manually, it updates itself anyway.

  6. Adrian Malacoda says:

    I don’t think this is a big problem, but it is significant in that it is the same as the Windows situation, where some applications update themselves, and others have to be updated by hand. When you think about it, package management can really only be relied upon to update the base system, and that’s true on Windows as well as Linux.

    It can’t be true on Windows as well because IIRC Windows has no actual concept of package management.

    Potentially, “many apps remained not updated”. On my machine Firefox is outside package management because I don’t want to know about that Iceweasel rubbish.

    Well, that’s your problem, not Debian’s and not Mozilla’s, if you knowingly stepped outside APT simply because you wanted a branded browser.

    Good for you that you have no need for packages outside package management, but those repositories do not contain about half the software I need, because it’s not free (my work stuff), not Free (Flash/Opera), not for Linux anyway (Wine), or not updated in the repository (Iceweasel!).

    For proprietary apps it’s mostly their responsibility to provide adequate package management. Most of them either provide only raw binaries (i386 only! or 64-bit if you’re lucky) or installable deb files (Ubuntu only, and maybe Fedora too if you’re really lucky), and not actual repositories, because that’s the Windows way and these companies are used to that. The only proprietary app I can think of that actually provides repositories is Chrome, albeit (of course) only for Ubuntu. Bottom line is that Debian does the bare minimum its community asks to support non-free, if you want more substantial support you probably should use Ubuntu (because that’s the only distro these companies know/care about anyway). Wine on the other hand is a mixed bag, you should be lucky your proprietary Windows programs run at all in Wine. It’s theoretically possible to create apt repositories for Wine programs, but of course no one will bother to do it. If you use Wine all bets are off.

    I personally do not care for Wine that much because it creates questionable expectations and fosters the idea that GNU/Linux should be a Windows clone. That would be all well and good if Wine had more substantial support for the Windows platform (not to diss them or anything, they do a pretty good job right now) but Wine in its current state leads people to believe that GNU/Linux should be a drop-in replacement for Windows and run all of the Windows programs they already do run, and then they get surprised when it doesn’t do so well.

  7. Linux Apostate says:

    No, the software I want could never be in Debian. It is not only non-Free, it actually costs money!

    I think it would be a major chore to package it into .debs myself, though I could do that. The easiest option is just to install it in a reserved area of the hard disk, such as /opt for things installed as root, and under $HOME for things installed as myself.

  8. Exactly. There have been few times I needed or wanted anything outside the repository in the last year or so: the latest kernel because of a buggy driver, and the latest version of 2 or 3 apps that either had bugs or there was a feature in the latest version that I wanted. Google’s Chrome browser is in there, too, although it has a different name.

  9. Richard Chapman says:

    Debian has the largest repositories of any distribution. That includes non-free packages. Chances are if it doesn’t have what you want, it doesn’t exist. Then there’s a way for some package managers to be configured to grab packages and tars from any web site along with the standard repositories. At least that’s my understanding.

    If the application you want doesn’t exist for GNU/Linux, that’s one thing but getting it on your system doesn’t have to be the chore that it is with Windows systems.

  10. No, that’s just apt-get. Debian does not recommend --yes because it could have undesirable consequences. During the testing phase updates do use a lot of user interaction because some features are in flux but once Squeeze became the stable release, interaction is more rare. Configuration changes usually require a decision by user or --yes but just upgrading a package does not because there are no choices to be made, the software is being replaced with something having identical configuration most times. --yes and --force-yes should be OK in most desktop installations of a stable release.

  11. Linux Apostate says:

    “That’s your system, not mine. I don’t like crap popping up telling me I have to do stuff.”

    That’s stock Debian 6.0 with a GNOME desktop. I’d hoped that other Linux users would have some idea what I was talking about here, since I’ve also seen the same feature in (pre-Unity) Ubuntu.

    Good for you that you have no need for packages outside package management, but those repositories do not contain about half the software I need, because it’s not free (my work stuff), not Free (Flash/Opera), not for Linux anyway (Wine), or not updated in the repository (Iceweasel!).

    I think this is a common situation; other Linux users in my office seem to be using applications like Spotify (via Wine), Dropbox (which updates itself) and VMware. All of which are outside package management.

    I don’t think this is a big problem, but it is significant in that it is the same as the Windows situation, where some applications update themselves, and others have to be updated by hand. When you think about it, package management can really only be relied upon to update the base system, and that’s true on Windows as well as Linux.

  12. Dann says:

    “0 3 * * * /usr/bin/apt-get update;/usr/bin/apt-get upgrade”

    Doesn’t there have to be a “--yes” and “--force-yes” as parameters for it to be non-interactive?
    Or perhaps that’s an Ubuntu-ism.

  13. Richard Chapman says:

    “The update button popped up today with some patch for “bind9”.”

    That’s your system, not mine. I don’t like crap popping up telling me I have to do stuff. That’s Microsoft’s thing. Are you sure you weren’t running Microsoft at the time? No, there are different distributions and you can configure your GNU/Linux system any way you want (I would never leave it like yours LA). I didn’t do anything special to my system. I decide when to check for updates, about every other day. I don’t have some damn pop-up bugging about it.

    Also, I have no need for packages outside of my distro’s repository, hence no partial updates. Let me repeat, THERE ARE NO PARTIAL UPDATES ON MY SYSTEM.

  14. Debian Stable rarely has a problem with updates because the package manager is supposed to test them…

    One can get a notification of available updates on the desktop. I don’t normally use that but it can prompt one to do the updates.

  15. Linux Apostate says:

    Good idea, but there are three issues with doing that:
    1. If something goes wrong due to the update, it will be harder to track down if the update was automatic. When my sound drivers stopped working, I knew it was because of the update, but that was only because I explicitly initiated the update and tested everything afterwards.
    2. Some updates require a reboot. The crontab entry won’t cause a reboot. In fact, the need for a reboot will be hidden from the user.
    3. Some updates require user interaction. For instance, you might be asked if the update can overwrite a configuration file that has been changed. What happens in these cases? I don’t know.
    I’d recommend Linux users do their updates manually through the default desktop environment which will have a little update notification widget.

  16. Just make APT do it periodically, like scheduling updates for 3am or so.

    su root
    give the password
    crontab -e
    enter on its own line
    0 3 * * * /usr/bin/apt-get update;/usr/bin/apt-get upgrade
    ctrl-o and enter to write the crontab file
    ctrl-x to exit
    exit to be yourself again

    Do that once to autoupdate everything everyday until the next release.

    That is priceless. That is performance.
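
The crontab entry above, and the three concerns raised about it in the thread (tracing a bad update, hidden reboots, configuration-file prompts), as an added shell example that is not part of the original post or comments. The script path, the log path and the presence of the `/var/run/reboot-required` flag file are assumptions; nothing is executed unless the script is called with `--run`.

```shell
#!/bin/sh
# Added example: unattended apt run for cron, e.g. in root's crontab:
#   0 3 * * * /usr/local/sbin/nightly-apt.sh --run
# (the script path is hypothetical). Without --run nothing is executed.

LOG=${LOG:-/var/log/nightly-apt.log}              # hypothetical log path
REBOOT_FLAG=${REBOOT_FLAG:-/var/run/reboot-required}

# Non-interactive upgrade command. -y answers apt's own prompt; the dpkg
# options keep a locally modified config file instead of asking. --force-yes
# is left out on purpose: it also lets apt install unauthenticated packages.
upgrade_cmd() {
    echo "apt-get -y -o Dpkg::Options::=--force-confdef" \
         "-o Dpkg::Options::=--force-confold upgrade"
}

# True when a package has asked for a reboot (flag file written by hook
# scripts; assumed to be present on this system).
reboot_pending() {
    [ -e "${1:-$REBOOT_FLAG}" ]
}

log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >>"$LOG"
}

# Run one command, record it and its exit status. With DRY_RUN=1 only log it.
step() {
    if [ "${DRY_RUN:-0}" = 1 ]; then log "DRY-RUN: $*"; return 0; fi
    log "RUN: $*"
    DEBIAN_FRONTEND=noninteractive "$@" >>"$LOG" 2>&1
    status=$?
    log "EXIT $status: $*"
    return $status
}

nightly_update() {
    # '&&' rather than ';' so a failed index refresh stops the upgrade.
    step apt-get update && step $(upgrade_cmd)
    status=$?
    if reboot_pending; then log "REBOOT REQUIRED: see $REBOOT_FLAG"; fi
    return $status
}

if [ "${1:-}" = "--run" ]; then nightly_update; fi
```

Setting `DRY_RUN=1` in the environment makes the script log the commands it would run without touching the package database.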

  17. Linux Apostate says:

    Zombie Chan’s description sounds exactly like Linux to me. The update button popped up today with some patch for “bind9”. Root password, click update, go. So on Linux you do have “to take time out of your day and decide to do something about updating part of your system”. And also, things outside package management don’t get updated. Potentially, “many apps remained not updated”. On my machine Firefox is outside package management because I don’t want to know about that Iceweasel rubbish.

    However. Linux package management is definitely better than the rather ad-hoc system used on Windows, where applications tend to update themselves. It really would be better if this was done through a repository system, with client software that could apply the updates without hassling the user to close applications (Flash), install the Yahoo toolbar and OpenOffice (Java), or install some ultra-lame Adobe updater (Acrobat).

    To be honest I think Microsoft knows this, and the solution is coming. It is an app store, i.e. a for-profit repository. But when it comes, there will be complaints that it gives Microsoft too much control over software, and there will be competing app stores such as Steam. So the problem will still not be completely solved. But perhaps it will be solved for things like Flash and Java – and that will still be progress.

  18. So you are acting as administrator… but you wrote, “I’m not a system admin on my machine,

    I guess you meant you did not log in as “admin” or “administrator” or had admin privileges. My point was that you had to take time out of your day and decide to do something about updating part of your system while many apps remained not updated.

  19. Zombie Chan says:

    I hit the update button, then it requests the admin password.

  20. So, who updates the software? The OS? The applications?

  21. Richard Chapman says:

    It took me a while before I realized how much work I wasn’t doing with the GNU/Linux Package Manager (Synaptic in my case). All those individual update reminders: GONE. All that click next, click next, click next: GONE. All those reboots: GONE!

    With the root password and a few clicks I can update every piece of software on my computer. I know people who use Microsoft Windows are okay with the way they have to update their system. I was okay with it when I was a Microsoft Windows user too. But once you do it the easy way, the Windows way just looks clunky.

  22. Zombie Chan says:

    “I think M$ is at fault for producing a system where an ordinary person has to be a system administrator for ever more complex computer systems. ”

    … I’m not a system admin on my machine, I was never forced to be logged in as admin. The same thing is with my mother and father.

  23. Ray says:

    Until you realize that most people just ignore them 🙁
