Security and system updates (was Re: Something must be done! (Security))

Patrick Stoddard wd9ewk@yahoo.com
Fri, 3 Mar 2000 09:53:33 -0800 (PST)


--- jiva@devware.com wrote:
> Yeah, but doesn't that also get non security related
> updates as well?
> That's the thing, if it's already working fine,
> personally, I hate to
> upgrade services unless there's a good reason.

You don't necessarily have to resort to automated
processes in an attempt to keep up on the updates
(no matter what distro you use or prefer).  Updates
from each distro are generally announced on mailing
lists, and we all hear about the security-related ones
either from this list, or BUGTRAQ, or other sources.

FWIW I do not run any of those programs to 
automatically download and/or apply updates on my
systems (personal or in the office).  I usually 
go into the Red Hat FTP server, in their updates 
area, and check every few days barring an announcement
of a specific fix or update.  If there is something 
new, I get it and then look at what the update does,
then - if I use or need that particular update - apply
it to my systems.  

Sure, this method may take more time, but the general
opinion on here is that it is better to fix the
individual problems/flaws as they are found rather
than waiting for some big fix or patch that takes 
care of many problems (and possibly causes others).  
Security is always a moving target.... harden systems
to only allow necessary services to be accessible,
scan and test your systems periodically, update and
patch as needed.  We on this list seem to do a decent
job of being forthcoming with problems and solutions,
which is a good thing for all.

Now, I have to deal with a disgruntled ex-employee's
PC which appears to have been "FORMAT C:" before he
left yesterday.  Time for a liquid lunch........


Patrick
