Question

8

What if NO update, security or otherwise is ever installed?

rated 0 times [ 8] [ 0] / answers: 1 / hits: 671 / 2 Years ago, sat, july 9, 2022, 1:22:51

I am in need of expert advice:

Our system admin who is new to Ubuntu in particular and *nix in general is reluctant to install any updates. His view is what if after installing updates the system becomes unstable and doesn't boot up? He has some horror stories from past life as Windows sys-admin.

Some in our team believe this is suicidal as not installing (at least) security updates is opening up to malicious attacks.

It was suggested to run sudo unattended-upgrade so that at least security updates be installed, however even this sometimes requires system to be restarted.

I really appreciate expert comments on this?
Thanks.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

lintical

Add To Favorites

Follow

Total Points: 344

Total Questions: 122

Total Answers: 106

Location: Sint Maarten

Member since Mon, Oct 12, 2020

4 Years ago

answered 2 Years ago nsuainner · Accepted Answer

Personally, I think that's a hard position to defend. Machines should periodically have security updates installed. This includes kernel security updates, which require reboots (unless you fancy living life on the edge with Ksplice).

He should be paying attention to the security flaws applicable to the platform as they emerge. Recently, notably, we've seen a number of privilege escalation bugs (which allow normal users to become root). There are in-the-wild exploits for at least one of these (albeit, I don't think it affects 12.04). There are a steady stream of bugs getting patched for lesser applications which fix remote code execution, DOS, priv escalation flaws, etc. There are plenty of attack vectors getting patched regularly.

That said; the final decision of whether or not to patch depends entirely on the context. If you're talking about an Internet-facing webserver, or end-user boxes, then your sysadmin is insane. If you're talking about a high-availability internal production system behind layers of network security in a trusted environment, then that's a little different, and your sysadmin may be being quite pragmatic.

I.e, if the main threat to the box is from its own employees, then is patching a few DOS holes really worth the downtime and risk to production stability? Probably not, no.

Of course, threats can get inside the network perimeter. But again, it depends on your network, your company, your setup... in many small companies, that may already be pretty much game over. The attacker may already have all the access he needs to access these boxes via passwords or keys stored elsewhere on the network, or via impersonation, sniffing, etc. In other words, patching a few holes on a couple of systems might be like starting to build a fence after the horses have bolted.

Bottom line: machines should really see security updates. It doesn't have to be a total unknown; test systems can be (and should be) brought up and upgraded in the same manner as a test-run prior to the event.

But don't ever forget that security is a balancing act. The totally secure system is one buried miles underground, with no connectivity, no power, and no data. If all you're protecting yourself from are a few trusted employees, then what's the point?