The Malware-Treadmill

Sheesh! I’m glad I don’t use that other OS any longer.“Microsoft is issuing the largest number of monthly security advisories since June 2011, five of them critical and affecting all supported versions of Windows. And applying the patches will be time consuming” Early in M$’s day on the west coast, M$ unleashes a raft of patches that plug gaping holes in their OS and until you get them applied your ship is as good as sunk. Who would board a cruise-ship that worked that way? Who would board an airplane that worked that way? Why trust your well-being to that other OS when it has been proven repeatedly to put all you do at risk?

I recommend Debian GNU/Linux. If that other OS is still working on your machine you can install Debian GNU/Linux instead simply by backing up your data and visiting Goodbye-Microsoft.com. Debian’s not perfect, but it doesn’t have to be perfect to be dramatically safer than that other OS. I’ve had two or three problems with patches in GNU/Linux in fifteen years of use. That other OS frightens people monthly…

See Patch Tuesday: 16 security advisories, 5 critical for Windows.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged , , , , , . Bookmark the permalink.

6 Responses to The Malware-Treadmill

  1. oiaohm says:

    kurkosdr please give up on your bull crap about Linux requiring reboots. It is so much a joke its not funny. Remember restarting X11 or any other service does not require reboot.

    Getting list of all deleted files still open is one simple command lsof +L1 restart services and get users to log out and back in of those who have deleted. Problem solved no reboot.

    kurkosdr Linux for a long time has support what Windows 10 does where it downloads and installs all security updates before asking for a reboot if that is required.

    If you said Linux does not require restarting of services I would call you a lier. A secure system requires running lsof +L1 from time to time and restarting stuff.

    You will never fine systemd pid1 on the deleted file list after a apt-get. Why when new version installs command goes to systemd pid1 to swap places with the new version. Same with logind. There are becoming quite a few services that update while running. X11 and Wayland will most likely always require a logout and back in. One of the changes coming from logind is removed need to restart the login manager because logind shuts login manager down after user login on systems that support as user X11.

    So X11 issue like the TMR site writes up is reduce in a lot of cases to logout and log back in not a reboot on more modern day Linux systems. There is a valid complaint that Linux is not informing users when they need to log out and back in as much as it should.

    In fact Linux is becoming less requiring of reboot. Yes PID1 replacing itself in place is something the sysvinit core process use todo all the time.

    kurkosdr basically keep on pushing the bogus story and sooner or latter you will be just a complete laughing stock.

    kurkosdr greping the proc to find out that you have unlinked .so files is the most stupid way possible. lsof +L1 exists for very good reasons.

    Really in time it should be added to systemd service management. Detect unlinked files in /usr and suggest restart of service is really not that hard.

    Linux distributions are going to come out some time in future with a running kernel patch to most security issues.

    Only things on Linux that truly require a reboot is kernel changes that you don’t have a hot patch for. Linux state checking with lsof +L1 is simple.

  2. kurkosdr says:

    @MrPogson

    If Desktop Linux doesn’t have security problems, then WHY, or WHY, do security updates for X.org are released? Why does Desktop Linux need security updates at all for any of it’s subsystems?

    http://www.tmrepository.com/fudtracker/linux-does-not-require-reboots-revisited/

    http://tmrepository.com/trademarks/linuxdoesnotrequirereboots/

    Desktop Linux needs security updates as often as windows, if you want to be as secure.

    Now, go hide behind the fact nobody wants to target a system that has 1-2% marketshare. Unless it’s a server, in that case see the recent high-profile hacks of Linux servers.

    PS: And don’t get me started about that *other* Linux-based OS, Android, where vulnerabilities from the 4.0 or 4.1 era linger inside non-updated devices for years, like the vulnerability exploited by the “bromium” exploit. At least with Microsoft, every low-end less-than-10-years-old Windows device has the latest patches. That’s secure.

  3. kurkosdr says:

    “Can you imagine anyone else doing that? Imagine yourself signing the lease on your car, whereby you agree to 20-pages of stipulations of what you can and cannot do, and oh by-the-way, the manufacturer cannot be sued or held liable for anything.”

    Please point to one car manufacturer that promises total security of the alarm system and locks system. Oh yeah, it doesn’t exist.

    The real problem with EULAs is when the software doesn’t work at all. It’s how software vendors can release downright defective software out of the door that doesn’t even do what was promised in a borderline level, and said vendors aren’t olbigated to do anything more than promise an update sometime in the future. Or even tell you how to make it work.

  4. matchrocket says:

    It’s not the number of patches released each month or how critical they are that people should be concerned about. It’s the thousands of vulnerabilities yet to be discovered or never to be discovered by the white hats that everyone should be concerned about. Windows will always be a security nightmare no matter how many patches are applied or when they are applied. It’s just pissing into the wind. A complete false sense of security.

    How long have these current vulnerabilities been around? How long have next month’s vulnerabilities been around? Since forever. The bad guys are manipulating Windows to their own advantage with vulnerabilities yet to be discovered and may not ever be discovered. Think you’re safe with Windows? Look at the life support system you have in place to keep it from being owned for even just 5 minutes by itself on the Internet.

  5. dougman says:

    Good thing consumers are forced to agree to the EULA, otherwise M$ would be sued to non-existence.

    Can you imagine anyone else doing that? Imagine yourself signing the lease on your car, whereby you agree to 20-pages of stipulations of what you can and cannot do, and oh by-the-way, the manufacturer cannot be sued or held liable for anything.

Leave a Reply