Peppermint OS Community Forum

General => GNU/Linux Discussion => Topic started by: Fritz74 on February 09, 2017, 04:48:09 pm

Title: Updates and potential threats
Post by: Fritz74 on February 09, 2017, 04:48:09 pm
I know very little about the inner workings of the OS, so I have been wondering: How would an attacker or a virus use a vulnerabilty in a program on a Linux computer that has not been fixed by an update yet?

A few days ago, I followed a discussion among people who were trying out Manjaro. Some reported that after a few days an update broke their system. To me, it seemed unnecessary to update a desktop pc every day.

Given the following scenario: A pc at home with Peppermint OS behind a router and with a firewall that blocks incoming connections. If no updates were made, how long would it take until the system would be damaged? What would be the most probable threats?

Thanks in advance.
Title: Re: Updates and potential threats
Post by: Pjotr on February 09, 2017, 05:53:47 pm
Most likely scenario would be: a rogue website or attack code in ads exploiting weaknesses by means of your web browser. Time until this happens: unknown.

You don't get security updates for nothing. Always install them rightaway. As Peppermint uses an LTS version of Ubuntu as codebase, the risk of regressions caused by updates is small.

Sidenote: that regression risk could even be made smaller if Peppermint would support the update policy feature of Update Manager, but that's currently not the case (yet?).   :P
Title: Re: Updates and potential threats
Post by: PCNetSpec on February 11, 2017, 11:47:44 am
Not biting Pjotr .. We need a <shakes head in exasperated dissent> smiley :)
Title: Re: Updates and potential threats
Post by: Fritz74 on February 11, 2017, 12:10:27 pm
@Pjotr: Thank you for the answer! It would be a funny experiment, testing how long it takes until some bad things happen.
Title: Re: Updates and potential threats
Post by: kimbopeppermint on February 27, 2017, 05:44:28 pm
Well assuming the attacker doesn't know your local ip and public ip, i think it would take quite a while. Because often the weakest part of security is the user, and if you were leaving a Linux box alone for extended time, on or not. It's not calling Microsoft and the NSA, so its not really doing anything. Like mentioned earlier, you'd have to be using outdated software, and be actively misclicking and going on infected/malicious sites and letting them run malicious javascript on you.