Given comments from Kaspersky - which you may agree with or not (although Kaspersky does carry a lot of cred), is apt-secure secure enough? And indeed, does apt-secure actually kick in for auto-updates?
I think the article makes this assumption.
Of course if users install software from untrusted sources, they are vulnerable to malware. If users stick to the Ubuntu software repositories, which use GPG signatures to verify authenticity, they aren't vulnerable. The only thing you need to worry about is if someone manages to spoof your update server, hold back a specific security update, then exploit the vulnerability which would have been fixed by the update. This can be prevented (or at least detected) by adding SSL encryption to the repos. Users will always want to run whatever they want, whenever they want, regardless of security concerns.
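The held-back-update scenario in the post above can be spotted from the repository metadata itself. This Python sketch is an added example, not part of the thread or of apt: it reads the `Date` and optional `Valid-Until` fields of a repository `Release` file and flags metadata that is older than it should be. The sample file, the function names and the 7-day `max_age` policy are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample metadata, not taken from a real archive.
SAMPLE_RELEASE = """\
Origin: Example
Suite: stable
Date: Mon, 06 Oct 2008 12:00:00 UTC
Valid-Until: Mon, 13 Oct 2008 12:00:00 UTC
SHA256:
 <constructed-checksum> 1234 main/binary-i386/Packages
"""


def parse_release_headers(text):
    """Return the top-level 'Key: value' fields of a Release file."""
    fields = {}
    for line in text.splitlines():
        # Indented lines belong to checksum lists; skip them.
        if not line or line[0].isspace() or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def check_freshness(text, now, max_age=timedelta(days=7)):
    """Return 'ok', 'stale', 'expired' or 'invalid' for signed metadata.

    Only meaningful after the Release signature has been verified,
    otherwise the timestamps themselves could be forged.
    max_age is an assumed local policy for repos without Valid-Until.
    """
    fields = parse_release_headers(text)
    try:
        issued = parsedate_to_datetime(fields["Date"])
        raw_expiry = fields.get("Valid-Until")
        expires = parsedate_to_datetime(raw_expiry) if raw_expiry else None
        if expires is not None:
            return "expired" if now > expires else "ok"
        return "stale" if now - issued > max_age else "ok"
    except (KeyError, ValueError, TypeError):
        # Missing Date, unparsable date, or a date without a timezone.
        return "invalid"
```

A mirror that keeps serving an old but validly signed `Release` file shows up as `expired` or `stale`, even though every signature check passes.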
I usually stick to the repos as well, although every now and then I've added one, such as for VirtualBox. The problem seems to me to be at the repo end, not the user side, because, as they said, people will always do things that end up being bad, and I guess as long as the repos keep up with stable updates and no rogue files get in then it'll stay secure. The secure repos in apt-secure however are most likely closely monitored by Canonical and others for defects or malcode.
"life's sweet, so photograph it; that way someone else can see how sweet it truly was..."
A little bit of word twisting there? I didn't claim there was any certain type of application that everyone/most people needed, but I'm sure most people can't rely on the repos for everything. I think games are what I frequently can't get from the repositories. Some applications like DarkRadiant or GtkRadiant, which are level editors for all Quake based or Doom 3 based games (AKA: most FPS games on Linux), have to be installed "manually" as well. One notable out-of-date package is NVIDIA's video drivers, which for me resulted in my system being broken after uninstalling those and installing using NVIDIA's own installer in an attempt to update them.
Last edited by noerrorsfound; October 23rd, 2008 at 07:43 PM.
I had doubts about your statement that most people would need to install software from third parties. I'm not a gamer, though, and hadn't considered that a lot of Ubuntu users would install games. Of course, there is no way for Ubuntu to make installing commercial software safer.