Notifying users of updates
Posted Feb 14, 2008 3:48 UTC (Thu) by midg3t (guest, #30998)
Parent article: Eee PC security or lack thereof
Update-notifier is a useful part of the solution.
Posted Feb 14, 2008 4:19 UTC (Thu)
by JoeBuck (subscriber, #2330)
So it isn't good enough to have a "notify that there are updates" mechanism.
A vendor might mitigate that risk by coming up initially in a "safe mode", where the very first thing the user does is grab the updates, with as tight as possible a firewall installed. If the purchaser of a new box pretty much has to install the security updates before having a fully functional machine, that should mitigate security disasters.
If vendors won't do the responsible thing, then we have to make sure that users understand that security updates are not optional. And if a vendor doesn't provide adequate security coverage, then we need to shame them into it.
Posted Feb 14, 2008 6:59 UTC (Thu)
by midg3t (guest, #30998)
If a vendor sells someone a Linux machine, with a distro on that machine that is several months old, it might take a half hour to download all of the updates. During all that time, the machine is on the net. If that machine is only going to be operated on a home or corporate network behind a firewall, that interval might be safe enough to deal with. But if the user is more directly on a public network, he/she might be rooted before the updates complete. Once a single vendor has sold close to a million machines, that's a target that the black hats might consider going after aggressively. And if it comes up with Samba enabled by default, complete with remote root exploit, and this is known ...
You missed the point
Good suggestion
I like your suggestion of requiring security updates upon first boot.
Of course there would have to be a small button that says "No thanks, I know what I'm doing" for when the update server is unreachable.
