I write this in the context of my decision to ditch Raspberry Pi OS and move everything I possibly can, including my Raspberry Pi devices, to Debian. I will write about that later.

But for now, I wanted to comment on something I think is often overlooked and misunderstood by people considering distributions or operating systems: the huge importance of getting security updates in an automated and easy way.

Let’s assume that these statements are true, which I think are well-supported by available evidence:

1. Every computer system (OS plus applications) that can do useful modern work has security vulnerabilities, some of which are unknown at any given point in time;
2. During the lifetime of that computer system, some of these vulnerabilities will be discovered. For a (hopefully large) subset of those vulnerabilities, timely patches will become available.

Now then, it follows that applying those timely patches is a critical part of having a system that is as secure as possible. Of course, you have to do other things as well – good passwords, secure practices, etc – but, fundamentally, if your system lacks patches for known vulnerabilities, you’ve already lost at the security ballgame.

There is something of a continuum of how you might patch your system. It runs roughly like this, from best to worst:

1. All components are kept up-to-date automatically, with no intervention from the user/operator
2. The operator is automatically alerted to necessary patches, and they can be easily installed with minimal intervention
3. The operator is automatically alerted to necessary patches, but they require significant effort to apply
4. The operator has no way to detect vulnerabilities or necessary patches

It should be obvious that the first situation is ideal. Every other situation relies on the timeliness of human action to keep up-to-date with security patches. This is a fallible situation; humans are busy, take trips, dismiss alerts, miss alerts, etc. That said, it is rare to find any system living truly all the way in that scenario, as you’ll see.

What is “your system”?

A critical point here is: what is “your system”? It includes:

All the libraries needed to run all of the above.

Some OSs, such as Debian, make little or no distinction between the base OS and the applications. Others, such as many BSDs, have a distinction there. And in some cases, people will compile or install applications outside of any OS mechanism.