Rudd-O.com

For the last six months, I’ve been reading article after article spewing the same bovine manure: Look at how many updates Distribution X issued! How can it be more secure than Windows? Let’s bury that stupidity under a ton of facts:

“Look at the pace of the update releases!”

Microsoft shills’ latest tune goes something like this: “but Linux is so much more insecure than Windows — just look, every day you see security updates released!”.

True: open up your Linux distribution’s update manager after three months of not upgrading, and you will see quite the list. Probably a bit more than your Windows or Mac OS X updates.

But only a minority are security updates. From that minority, only a handful apply to your scenario. And even so, the number of updates is of no consequence. As a matter of fact, you should be happy you have all these updates for you to install.

Don’t just take my word for it — let’s explore why.

Linux updates: much more modular

When you update your Linux system, you’re not just updating the operating system, but system services, libraries, applications and artwork as well. In a modern Linux distribution, you can expect about a thousand quarter-of-a-megabyte discrete applications (packages), instead of ten monolithic applications.

So it’s not the number of the updates that amazes, but the fact that the system is so modular (and yet hangs together so well) that updating it will trivially fast and easy. Just push Update.

And the icing on the cake? You don’t even need to think about it. On all modern distributions, it’s all handled for you.

Not all bug updates are equally relevant

Repeat after me: Not all bugs are equally relevant:

• Some applications have issued updates because there was a non-security-related bug.
• Some security issues are zero-risk in your scenario (which is in all likelihood a desktop scenario).

If you don’t run a DNS server, you don’t need to fret about the availability of an update for the DNS server. If you don’t run OpenOffice.org, you can rest at night every time an update for OpenOffice.org is released. And if you don’t know whether you run these examples, you can exhale and sleep tight because, in all likelihood, you ain’t running them.

Secure by default

On modern distributions, all network services are secured by default. This usually means:

• If they’re add-on services, they don’t start unless explicitly installed and activated.
• If they’re required for everyday system operation, they don’t listen to network requests.

It doesn’t take a genius to understand that, if your computer is ignoring malicious network activity, your attackers don’t stand a chance.

Not all updates are for security issues

In fact, those comprise a minority. Most updates are for new revisions of your applications — hundreds of bugs squashed, and (most juicy) new, useful features!

Keep reading. We’ll see what other benefits modern Linux has for you in the applications and update management department.

Pages: 1 2

This entry was posted on Monday, October 22nd, 2007 at 21:18 and is filed under Information security, Linux, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.