The myth of the thousand updates for Linux, debunked

published Oct 20, 2007, last modified Jun 26, 2013

For the last six months, I’ve been reading article after article spewing the same bovine manure: Look at how many updates Distribution X issued! How can it be more secure than Windows? Let’s bury that stupidity under a ton of facts:

Microsoft shills’ latest tune goes something like this: “but Linux is so much more insecure than Windows — just look, every day you see security updates released!”.

True: open up your Linux distribution’s update manager after three months of not upgrading, and you will see quite the list. Probably a bit more than your Windows or Mac OS X updates.

But only a minority are security updates. From that minority, only a handful apply to your scenario. And even so, the number of updates is of no consequence. As a matter of fact, you should be happy you have all these updates for you to install.

Don’t just take my word for it — let’s explore why.

Linux updates: much more modular

When you update your Linux system, you’re not just updating the operating system, but system services, libraries, applications and artwork as well. A modern distribution is built from on the order of a thousand small, discrete packages, each a fraction of a megabyte, instead of ten monolithic applications, and every one of them shows up as its own line in the update list.

So it’s not the number of updates that should amaze you, but the fact that the system is so modular (and yet hangs together so well) that updating it is trivially fast and easy. Just push Update.

And the icing on the cake? You don’t even need to think about it. On all modern distributions, it’s all handled for you.

Not all bug updates are equally relevant

Repeat after me: Not all bugs are equally relevant:

  • Some applications have issued updates because there was a non-security-related bug.
  • Some security issues are zero-risk in your scenario (which is in all likelihood a desktop scenario).

If you don’t run a DNS server, you don’t need to fret about the availability of an update for the DNS server. If you don’t run, you can rest at night every time an update for is released. And if you don’t know whether you run these examples, you can exhale and sleep tight because, in all likelihood, you ain’t running them.

Secure by default

On modern distributions, network services ship locked down by default. This usually means:

  • If they’re add-on services, they don’t start unless explicitly installed and activated.
  • If they’re required for everyday system operation, they don’t accept connections from the network: they listen only on the loopback interface or on a local socket.

It doesn’t take a genius to understand that a service which isn’t listening on the network can’t be exploited from the network, whatever bugs it has; that is why an advisory for it can wait for the next routine update run. The exceptions are the programs that process hostile input all day on your behalf (browser, mail reader, media player): those are the updates a desktop user should not postpone.
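The practical check behind the last two sections is “is this service even reachable?”. The script below is an added example, not part of the original article: it reads `ss -tln`-style output and prints only the listeners bound to something other than loopback, which are the ones whose security updates actually deserve urgency. The sample output embedded in it is constructed, not captured from a real host, and the port assignments (a print server on 631, a database on 3306, sshd on 22, an MTA on 25) are illustrative.

```shell
#!/bin/sh
# Added example (not from the original article): which listening TCP sockets
# are actually reachable from the network? A service bound only to loopback
# (127.0.0.1 / [::1]) cannot be hit remotely, so an advisory for it can wait
# for the next routine update run. Feed it `ss -tln` output; the sample
# below is constructed, not captured from a real host.

# Constructed sample in ss(8) layout: a print server and a database bound to
# loopback, sshd and an MTA bound to every interface.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       80      127.0.0.1:3306       0.0.0.0:*
LISTEN  0       128     [::1]:631            [::]:*
LISTEN  0       128     *:25                 *:*'

# Read ss-style lines on stdin and print the local address:port of every
# listener that is NOT bound to a loopback address.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4
        # loopback: IPv4 127.0.0.0/8, or IPv6 ::1 (ss prints it as [::1]:port)
        if (addr ~ /^127\./ || addr ~ /^\[::1\]:/) next
        print addr
    }'
}

# Wrapper with a usable exit status: 0 if nothing is exposed, 1 otherwise
# (and the exposed sockets are printed so you know which packages to watch).
check_exposure() {
    exposed=$(exposed_listeners)
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# On a real box:  ss -tln | check_exposure
# (netstat -tln prints State in column 6 rather than 1; adjust the awk test.)
printf '%s\n' "$SAMPLE_SS" | check_exposure || echo "exposed listeners found"
```

Run against the sample, it reports `0.0.0.0:22` and `*:25` and nothing else: the print server and the database are invisible to the network, so their advisories are routine, while sshd and the MTA are the two packages whose updates you want the day they appear. To map a socket back to a package, `ss -tlnp` (or `netstat -tlnp`) as root adds the owning process, and `rpm -qf` / `dpkg -S` on its binary names the package.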

Not all updates are for security issues

In fact, those comprise a minority. Most updates are for new revisions of your applications — hundreds of bugs squashed, and (most juicy) new, useful features!

Keep reading. We’ll see what other benefits modern Linux has for you in the applications and update management department.


One big supermarket of applications

Windows Update updates Windows (and Office). Your antivirus updater updates the antivirus; every other program brings its own updater, or none at all. How many administration tasks does it take before you go insane?

On Linux, you get one screen. One place to look. Just one.

It updates the entire collection of applications, usually hours or days after they have been released. What’s more: it’s customary for that same screen to offer tens of thousands of applications for you to try out and install — just a few clicks of the mouse, and your favorite app is downloaded and installed after a few minutes.

For free.

In fact, modern update systems for Linux are so powerful that they can migrate your entire setup to an altogether new release, straight from the Internet, with a single reboot at the end so you start running the new kernel.

End-to-end package management and system integrity

When was the last time you purged an application from a Windows system?

Despite the wide availability of “installers” under Windows, there still isn’t a system-wide package manager that tracks what every program put on the disk. Applications are free to dump crap everywhere they have write access to (and they usually do). When you uninstall them, they regularly leave Registry settings behind. You can’t ask the system to tell you which files a particular application installed (at most, you might look under the Program Files folder, but that’s just the beginning of the story).

None of this happens on modern Linux (unless you have installed software by compiling from source, which the package manager knows nothing about). The package database records every file a package owns, together with its digest, size, ownership and permissions, so the package manager can and will tell you:

  • if a file from a package has been modified or corrupted (its digest no longer matches the one recorded at install time),
  • if its configuration has been touched (config files are flagged separately, so a legitimate local edit is told apart from tampering with a binary), or
  • if files are missing, or have changed owner or permissions.

On RPM-based systems that check is `rpm -V <package>` (or `rpm -Va` for everything installed); on Debian-derived ones it is `debsums -c` or `dpkg --verify`. To list what a package owns, `rpm -ql` / `dpkg -L`; to find which package owns a stray file, `rpm -qf` / `dpkg -S`. One caveat: the database lives on the same disk as the files, so an intruder with root can doctor both; this catches accidents, sloppy installs and unsophisticated tampering, not a rootkit. For that you need a reference kept off the box.

After you wipe a package, all of its files (which were properly tracked from the start) will be dead and gone, with one deliberate exception: locally modified config files survive unless you purge (dpkg keeps them until `dpkg --purge` or `apt-get purge`; rpm renames them to `.rpmsave`). Complete end-to-end system integrity. So the next time you’re staring at an odd file in the Windows SYSTEM directory, or a DLL conflict, you’ll be wishing you had Linux’s advanced automatic package management tools.
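To show what “the package manager can tell you a file has been modified” actually rests on, here is the mechanism of `rpm -V` and `debsums` in miniature. This is an added example, not rpm or dpkg code: it builds a fake package tree in a temp directory (the package name `foo` and its paths are invented), records a digest per file the way the package database does, and then detects a tampered binary and a deleted config file.

```shell
#!/bin/sh
# Added example (not rpm or dpkg code): the mechanism behind `rpm -V` and
# `debsums`, in miniature. At install time the package database records a
# digest of every file a package owns; verification recomputes the digests
# and reports anything that differs or has gone missing. Everything below
# runs against a constructed fake package tree in a temp dir; the package
# name "foo" and its paths are made up.

set -u

# "Install" a fake package: two files under a fresh temp root. Prints the root.
make_fake_package() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/etc/foo"
    printf '#!/bin/sh\necho hello from foo\n' > "$root/usr/bin/foo"
    printf 'listen = 127.0.0.1\n' > "$root/etc/foo/foo.conf"
    printf '%s\n' "$root"
}

# Install time: record one digest per owned file, as the package database does.
# (.manifest stands in for the database and is excluded from its own listing.)
record_manifest() {
    root=$1
    ( cd "$root" && find . -type f ! -name .manifest -exec sha256sum {} + | sort -k 2 ) \
        > "$root/.manifest"
}

# Verify time: recompute and compare. Prints each changed or missing file and
# returns 1; returns 0 when every file still matches its recorded digest.
verify_manifest() {
    root=$1
    [ -f "$root/.manifest" ] || { echo "no manifest for $root" >&2; return 2; }
    # sha256sum -c prints "<path>: OK" or "<path>: FAILED ..."; keep the failures.
    if ( cd "$root" && sha256sum -c .manifest 2>/dev/null | grep -v ': OK$' ); then
        return 1
    fi
    return 0
}

# Walk-through: install, verify clean, tamper and delete, verify again.
demo() {
    root=$(make_fake_package)
    record_manifest "$root"
    verify_manifest "$root" && echo "fresh install: all files intact"
    printf '#!/bin/sh\necho pwned\n' > "$root/usr/bin/foo"   # replaced binary
    rm "$root/etc/foo/foo.conf"                               # deleted config
    verify_manifest "$root" || echo "verification caught the changes above"
    rm -rf "$root"
}

demo
```

Two things the toy shares with the real tools are worth noticing. A file the package never owned (something dropped into `/usr/bin` by hand) is not reported at all, because there is no record to compare it against; that is exactly the blind spot the “compiling from source” remark above describes. And the manifest sits next to the files it vouches for, so whoever can rewrite the binary can rewrite the manifest too, which is why the real check is reassurance against breakage rather than proof against an intruder with root.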


So, in summary, yes, the pace of updates in the Linux world is faster. Combine that with the facts I just presented, and the corollaries are:

  1. When you issue an update, you’re getting the best of both worlds: security and new, fresh stuff to use.
  2. You can install new and exciting things, and they will be duly upgraded in the next course of updates.

Compare that to the puny proprietary alternatives. When was the last time you used your system’s update tool to get the latest version of Oracle or Photoshop (for free)? Maybe a bump from Office 2003 to Office 2007?

Not a chance, dude. Stop buying marketeer hogwash and get with the program already.