On 12/04/2019 09:03, deloptes wrote:
Thierry de Coulon wrote:
Anyway I think this "upgrade/update" craze is mostly the result from
Microsoft, Apple and Google having to frequently patch their buggy OSes
and using this to force users to adopt their latest control options. Now
it's become a fashion.
I have here a few installs with fairly old Linux versions and never got a
problem - I agree I'm certainly not a prime target for hackers...
I disagree here, because if you look at what was recently upgraded in
Stretch, these are openssh and similar, which are critical and I would not
advise anyone with access to the internet to not upgrade frequently.
.. and I disagree with you. On the basis of your argument, we should not
use the internet full stop as any software we use must be suspect as it
will be continually upgraded. I'm not saying don't upgrade but to
blindly upgrade is as bad as blindly not upgrading. Why should I believe
ANY upgrade is more secure than the last? Upgrades are screwed up on a
regular basis both by introducing security flaws and bugs and also
removing/changing features that one needs. Do we read all the changelogs
before doing apt upgrade? No, but we should if we want reliability.
This is also not "Microsoft, Apple and Google" madness, but a normal
software cycle. If you want to have latest bug and security fixes, do
upgrade regularly.
Read above.
Now for TDE, it is so stable, that you may have the impression you do not
need it, but still the system should be up to date, to not allow undesired
intrusions.
Upgrade for improvements, no problem, but read above.
If you are target or not - you do not know. I see in the last couple of
months constant brute force attacks on my ssh server
and upgrading will stop that? No. A bit of filtering of known spam IPs
would help much more.
Security for security's sake is a nightmare. If somebody can utilise a
security flaw in my TDE desktop, I've already got big, big problems.
--
Mike Howard