Latexluv opened this issue on Oct 12, 2014 · 96 posts
shvrdavid posted Mon, 27 October 2014 at 5:12 PM
Um, Debian has had forced upgrades on the server side of things. It was for a Heartbleed hole if I remember correctly (may have been another one, it has been a while since I ran into that). Server issues are basically the only way a Linux system can get a virus, and that involves infecting the repository so that a trusted update can install the virus. It does not happen very often because the servers are usually locked down tighter than Fort Knox ever was. But it has happened.
As more people migrate to Linux, security fixes that force updates will probably happen to Debian PC as well. It will have to be a massive hole that somehow was missed for it to be any issue to worry about. Or a compromised repository that requires PC versions to be patched. The user permissions in Linux are rather tight to prevent things from going horribly wrong in the first place, but it does not always work out as planned.
Linux is far safer than Windows due to how the permissions and root access work, but that does not mean that it can't have an issue. Can't does not mean that someone won't find one. I will say that the monolithic kernel idea is one of the best ones ever created, assuming you use proper user permissions to keep it safe. But Linux didn't invent that, Berkeley did. In BSD Unix, in the 70's (yes, you can argue that PL/S kernels from IBM could do it as well. But it depended on how it was set up on install.)
vilters,
Linux is never an open book, that is the beauty of it. The security which came from BSD Unix locks a system down far more than Windows ever dreamed of. It does not work anything like it does in Windows. Even if port 80 is in use in Linux, anything that is deemed off limits will prompt you for a password. You can't hack past that without the password. The only real way around it is to infect a repository (the updates). What that does is add malicious code to an update that would have to jot down your password and go from there. Even if it has your password, there would have to be a rather substantial kernel change to hide it from the user. It is not impossible to do it, but it is not real probable that you will pull it off for long before a patch is made and the infected server is back to normal. There are just too many people watching that for it to go unnoticed for long.
I have far more experience with Linux/Unix on the server side than the home version side. To me there just isn't enough support on the home side yet to use it. I wish there was, because it would remove most of the headaches that you get in Windows. Hopefully someday there will be far more support for Linux/Unix.
Some things are easy to explain, other things are not........