Re: Why Kernal Updates?
In Linux, it isn't just for security, although this is an excellent reason in and of itself. Unlike the case with lock-in OSes, in Linux, most mainstream drivers are also included in the kernel. Therefore, continuing patches are needed both to add new driver support and to prune obsolete drivers.
Originally Posted by kernalkorn
If only it were that simple. The main problem with XP (and Windows in general) is that the whole OS is designed with security only as a distasteful afterthought. Examples: NTFS still has no file permissions, the whole OS is practically based on absurd remote procedure calls, it is still necessary to run far too many services for the OS to even function, etc. The list is endless. For Windows to become as natively secure as Linux, it would have to be totally redesigned from the ground up under a culture that is the opposite of the one it has cultivated so far. Pigs will fly first.
One of the reasons XP has had so many malware attacks are the sloppy way in which graphics and other IO functions were coded at kernal level.
Only if you install restricted extras, but almost everyone does, so the practical answer is Java is present of (I'm guessing) 95% of Ubuntu installations.
Does FF for Ubuntu have Java capabilities by default?
Good question, which is more in the line of the security gurus over on the security forum. My very uneducated guess would be that Ubuntu is more resistant to Java exploits for the same reason that it is resistant to non-Java exploits--it's strict default insistence on passwords and similar default to restricted privileges for user accounts. But I am flying blind on this one. I don't have Java installed. Don't use it, so don't really know.
Is Ubuntu safe from Java exploits, assuming a Java plug-in is not on the browser?
Bad guys will go after anyone they can, and are quite agnostic about the OSes that their victims run. That said, there is (in my opinion) no worse browser than Internet Explorer, and its native insecurity is multiplied many times over by MS's decision to make it an inseparable part of their OSes. This migrates any browser flaw into the OS itself, and is simply a loopy dufus design driven by considerations of fending off competitors more than any considerations of security.
...are all Jave exploits aimed at winders?
Apache servers are likely a more prized target than any other target to the bad guys of the world. It's a testament to Linux that the vast majority of compromised web servers out there are Windows and not Apache.
What about apache servers etc?
I am very worried about leaving the impression that security in Linux is just hunky-dory. It isn't. It requires the right kind of knowledge and ongoing good practices. The vast majority of new users migrating from Windows brings with them the atrocious security practices that Windows has trained them to follow. And it should surprise no one that if you treat Linux like Windows, then it will end up with just as many security holes as Windows. Linux isn't a magic wand. If you have further curiosity about Linux security, then I recommend the following links:
Newb: How far must I jump to clear the ledge halfway down?
Guru: It's bad to jump off cliffs. Let's look at better options.
Newb: Stop harping about "best practices" and just tell me.