Am 13. Oct, 2004 schwätzte Siri Amrit Kaur so: Very :). There, are, however ways to limit exposure and thereby reduce the number of security patches necessary. > I know I should perform security updates frequently, but I run into one > problem: > the SIZE of the updates. > I'm on a slow dialup modem. Can you let it do downloads overnight? If so, can slackware handle interrupted downloads? Let's say you can get 1/3 of the data you need in a night. You could then, over a period of 3 nights, get all the updates, then do the actual installation of the updates after than when it's convenient for you. > I'm using Slackware 10 with the 2.4.26 kernel on a stand-alone box. I never > installed Apache, inetd, portmap, SSH or any other server apps that I know > of, and I have all unneeded services turned off. I just use it for internet Make sure they aren't running. You probably have inetd installed, but you might have disabled it. Check also for a mail server. ps auxw | less look for extraneous processes for instance, I usually uninstall the at daemon lsof -i look for LISTEN for TCP ports and active UDP ports There are other ways to check for running services. Anyone know of a good, simple guide to monitoring tools that can be used from a box to see what might be running? I know George and others have posted email that effectively worked as mini-guides, so maybe search the PLUG archives for mentions of lsof. > surfing, email, burning music cd's and writing. I don't do any remote > connections, file-sharing, chat, or instant messaging. I have decent > passwords and a well-configured firewall, i.e. all ports show "stealth" > according to grc.com. OK, not familiar with grc.com and quickly got bored on their site. Too many mentions of redmondianness probably :). If an external scan is showing that you don't have open ports, that's a good thing. You still need client updates, such as the Mozilla updates Dennis mentioned. > I use slackpkg for updates, and have it set up to only download patches, not > everything. The last time I ran "slackpkg upgrade patches" it was a 135MB > download, not including kernel patches because I don't want to screw around > with the kernel. That's fine for broadband, but I never want to go through > that again! It took days and I had to su to root to do it. Personally, I > never like to be online as root; that's a security risk in and of itself. Can the d/l mechanism run as a normal user? I don't think it can for debian w/o some pain. Are those patches all the updates or just the security updates? Ideally, in your situation, you just want the security updates. > Given how conservatively I use my computer, how likely is it that I'll be > compromised and have my computer turned into a zombie or something if I don't > do updates anymore? Well, random crack attempts from viruses, etc. generally don't care that you're only on a modem or that you think you're safe. > I appreciate any opinions and advice, but no flames, please. You'll be wishing for the flames soon enough as winter sets in and we start having to survive temperatures down into the 70s! :) ciao, der.hans -- # https://www.LuftHans.com/ http://www.AZOTO.org/ # When you are tired of choosing the lesser of two evils, # Vote Cthulhu for President! --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss