Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: no longer supported OS

  1. #1
    Join Date
    Jan 2011
    Beans
    182

    no longer supported OS

    Hello everybody
    I have a very simple and straightforward question:
    What are the risks users run when they decide not to upgrade to Ubuntu 11 (or 12) and decide to stick to Maverick Meerkat (10.10) ?

    Thank you in advance for any piece of information.

    C;NAUD

  2. #2
    Join Date
    Jun 2011
    Location
    United Kingdom
    Beans
    Hidden!
    Distro
    Lubuntu Development Release

    Re: no longer supported OS

    Nothing; except they have to stick with the versions of software that they had when the release went out of date. Sometimes they might miss a security fix because of this.

  3. #3
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: no longer supported OS

    Quote Originally Posted by MG&TL View Post
    Nothing; (..) Sometimes they might miss a security fix because of this.
    I wouldn't classify missing security fixes as "nothing". besides there are no compelling reasons for regular users to run obsolete versions of any Linux distribution.

  4. #4
    Join Date
    Mar 2007
    Location
    Portsmouth, UK
    Beans
    Hidden!
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: no longer supported OS

    Quote Originally Posted by unspawn View Post
    there are (..) compelling reasons for regular users to run obsolete versions of any Linux distribution.
    See what I did there?

    Security updates would indeed be the biggest issue when using a version no longer supported; along with guides for more recent versions not matching what one has, or repository software being behind the times are other factors.

    Most people should be running a supported version, unless they have a very good reason.
    Last edited by Grenage; April 17th, 2012 at 08:51 AM. Reason: I was very tired when I wrote it.

  5. #5
    Join Date
    Jun 2011
    Location
    United Kingdom
    Beans
    Hidden!
    Distro
    Lubuntu Development Release

    Re: no longer supported OS

    Thanks Grenage.

    Yes, maybe I should have put more weight onto security updates. Security updates are VERY important.

    Also, what reason is there to run out of date software, when you could have the new, shiny version?

  6. #6
    Join Date
    Feb 2008
    Beans
    606
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: no longer supported OS

    Quote Originally Posted by unspawn View Post
    besides there are no compelling reasons for regular users to run obsolete versions of any Linux distribution.
    Unity and Gnome 3.

    Unity is OK on my netbook, but sucks on my laptop. Gnome 3 sucks everywhere.

    I'm not even sure which version I'm running on the laptop now other than it's the one before Gnome 3 became compulsory. Once it's obsolete I'll have to switch to another distro unless Ubuntu supports MATE or one of the other sane Gnome-style UIs.

  7. #7
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: no longer supported OS

    Even Gnome 3 classic?
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  8. #8
    Join Date
    Sep 2011
    Beans
    1,531

    Re: no longer supported OS

    OK, I'd really like to discuss the reasons you would want updates pushed to you. And what are the consequences if you don't get updates? This question has come up enough that it's not wasted effort to fully answer it IMO.

    I partially know the answers, but I'd like to hear more on the topic. There are obviously security updates that are pushed out when a vulnerability is discovered and patched. So if you don't use an OS that gets updates, the vulnerabilities will continue to be found but they won't get patched. That means that ultimately you are increasing your odds of getting compromised as time goes on. I will say that in my pen testing class, the first OS we cracked was a really old (unsupported) one BECAUSE IT'S EASIER TO CRACK.

    What about hardware compatibility? For instance if you buy a new printer and try to plug it into your no longer supported 10.10, it may work, it may not. But what exactly happens? This is where I get fuzzy on the details. Does it mean that drivers specifically become hard to find (or are they portable from other versions)? I suppose if the technology changes enough then you wouldn't have backwards compatibility necessarily.

    And software compatibility. I imagine that new software wouldn't necessarily run well on an unsupported OS, but can anyone intelligently comment on the details?

    Finally the main reason to stick with an unsupported OS (I'm guessing here): Say you have a low spec or old computer and all the hardware & software works. You've tried some newer versions & distros but they always break something. So stick with what works for as long as it still works?

    I'm gonna hang myself out there: it's NOT a good reason to use an unsupported OS so that you can avoid a new desktop environment. There are hundreds of tutorials out there to show you how to switch away from Unity & Gnome 3 using the newer Ubuntu versions. Or just switch distros. But dear god please let's please not turn this into a unity flame fest, pretty please.

  9. #9
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: no longer supported OS

    Quote Originally Posted by Ms. Daisy View Post
    But dear god please let's please not turn this into a unity flame fest, pretty please.
    What she said.

    If you have a low-spec or older system - ditch Gnome and run something like XFCE or LXDE - both are lighter weight than either Gnome or KDE. Even if you don't want to use a flavor of Ubuntu on such a system, there are a ton of other distros that run well on low spec boxes.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  10. #10
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: no longer supported OS

    Quote Originally Posted by Ms. Daisy View Post
    OK, I'd really like to discuss the reasons you would want updates pushed to you. And what are the consequences if you don't get updates? This question has come up enough that it's not wasted effort to fully answer it IMO.

    I partially know the answers, but I'd like to hear more on the topic. There are obviously security updates that are pushed out when a vulnerability is discovered and patched. So if you don't use an OS that gets updates, the vulnerabilities will continue to be found but they won't get patched. That means that ultimately you are increasing your odds of getting compromised as time goes on. I will say that in my pen testing class, the first OS we cracked was a really old (unsupported) one BECAUSE IT'S EASIER TO CRACK.

    What about hardware compatibility? For instance if you buy a new printer and try to plug it into your no longer supported 10.10, it may work, it may not. But what exactly happens? This is where I get fuzzy on the details. Does it mean that drivers specifically become hard to find (or are they portable from other versions)? I suppose if the technology changes enough then you wouldn't have backwards compatibility necessarily.

    And software compatibility. I imagine that new software wouldn't necessarily run well on an unsupported OS, but can anyone intelligently comment on the details?

    Finally the main reason to stick with an unsupported OS (I'm guessing here): Say you have a low spec or old computer and all the hardware & software works. You've tried some newer versions & distros but they always break something. So stick with what works for as long as it still works?

    I'm gonna hang myself out there: it's NOT a good reason to use an unsupported OS so that you can avoid a new desktop environment. There are hundreds of tutorials out there to show you how to switch away from Unity & Gnome 3 using the newer Ubuntu versions. Or just switch distros. But dear god please let's please not turn this into a unity flame fest, pretty please.

    While generally speaking this is true, there is a small logical fallacy here.

    For instance saying an "unsupported/out of date OS" is easier to crack, is ultimately not necessarily a universal truth. You likely used a "slightly" older OS. I'm guessing for Windows it would be 2000 or XP and I'm guessing for Linux Ubuntu was represented with 8.04. These are great targets because both had a poor or non-existant implementation of basic memory protections that a current operating system take for granted.

    For instance -- the simple SEH you likely learned about in Windows won't fly on 2008 R2/ Windows 7. Or even Windows XP service pack 3. However for basic exploit development the underdeveloped architecture of the two OS'es I previously mentioned (8.04 , XP) give a great starting point. Unfortunately as operating system technology and memory protections advanced we're given much more complex themes like return-oriented-programming, ret2libc/plt/reg etc , heap sprays etc.. And different methods for memory manipulation. Those are more advanced and likely were not covered in an introductory class. Quite frankly they're not perfectly reliable and a pain in the butt to engineer.

    My point in saying this is that a counterpoint to the example would be that a VERY old and rather unsupported operating system would not be "easy to crack" and does not have canned exploit code for it. I would like to introduce you to mp eix. This OS was one of the first (way ahead of it's time) to introduce enterprise class DEP In the form of seperate registries for data and executable bits as well as hardware enforced bounds checking. You would not, despite it running a "vulnerable" service be able to exploit this system traditionally (if at all).

    Additionally, in the afforementioned case that an older and "unsupported" operating system MUST be maintained. Linux has a distinct advantage in this field. The ability to backport your own patches. If it were a necessity one could forgo the fancy package manager and get back to basics and start modifying source code to meet the need of the system.

    Now is this effective? That's a cost that needs to be weighted against the need to stay frozen at x, y or z version. Ultimately, I don't think disliking Unity is that reason. Why? You can easily install a different desktop environment on top of a minimal or server install. Or even a standard desktop install if you're interested in fighting with LightDM.

    Ultimately, there are options but a "supported" OS is always preferable particularly in a non sensitive desktop environment where stability isn't quite as crucial as it would be in a high security production environment.

    To add to this briefly -- one must also understand their environment. Hardening a desktop OS can summarily be regarded as hardening (if any) running services, and the possible code injection platforms (browsers, chat clients, office applications etc) most of these have easy to use update channels that can carry an OS long past Canonical's official EOL date.

    Hope this helps.

    -DT
    Last edited by Dangertux; April 17th, 2012 at 04:14 AM.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •