The repos: the linux secret weapon

by Neil Rickert

I considered titling this “It’s the repos, stupid,” but I wanted to get “linux” into the title.

We recently purchased a new computer for a family member who uses Windows.  And it reminded me of why Windows has so many more security problems than linux.

We unpacked the computer.  Then it was plugged in and the setup program was run.  It created a user account, prompting for an account name.  This account was automatically given administrative privileges.  There was no prompt for setting up a limited user account.  Admittedly, UAC (User Access Control) is in effect, but that is still less safe than using a non-administrative account.  There was no prompt for a password.  The setup program just assumed that login without password would be used.

After it was all setup, the Windows automatic updater kicked in.  There were periodic messages that the updates would be installed at 3am.  After a few days, the important updates seem to have all been installed.

This morning, I did a check.  The computer was running an insecure version of the Adobe Acrobat reader, and was running an insecure version of flash.  There had been no attempt to update those.

That’s the difference that the repos (software repositories) make for linux.  If this had been a linux system that handles software updates, then flash and acroread (if installed) would have been updated by now.  And, of course, with a linux system the user would have been setup as an ordinary (non-root) user and with a password.

That’s the security difference right there.  A naive Windows user, not aware of current security problems, would have been left with an insecure setup that had insecure versions of important software (flash and Acrobat reader).  By contrast, on linux a naive user would have a more secure setup with all software updated to versions that fix known security holes.  An important part of the difference is that linux software is installed from the repos, so that there is a single place to check for updates.

Incidentally, on my dual boot systems it has seem that when I reboot to Windows the main program that I use is Adobe update.  There has been a never ending stream of updates to flash.  On linux, the flash updates come through without any special effort on my part.  And when I notice them, I know it is time to reboot to windows and run Adobe update once again.


2 Comments to “The repos: the linux secret weapon”

  1. Well… Almost a 1/2 year later, maybe I still have a chance of having an plausible argument. =/

    Besides “the repos”, linux also have “the distos”, and (your god’s name here), there are so many of them. And a few, mostly distributed as bootable live ones, messes with everything related with security and reliability after (and only, on every case) when a graphical window manager executes. You may call it… “Black Widow Managers”.

    If You are online and without a expensive top-of-edge fine configured physical firewall then pray! Being root at this situation is worse than using Windows itself, nevertheless all the privilegies you imagine having an ingenuous nonadministrative user.

    So, not as a critic but being only an informative person, just check who you are (whoami). If not satisfacted with that, you may check your ID’s (id). If you are the super dude, calm down your nerves: Press reset and burn something decent.

    If you insist being the fastest gunfighter of the old west, touching /etc/nologin, passwding root and teliniting 3… Forget iptables, remember you hadn’t compiled it and again: Use something decent!

    In addition, the decentest operating system I ever known, I mean, the best distro ever made in history, that one cannot be compared to anything else, is called: DIY.


    • You are right that it is a bad idea to do routine stuff as root.

      If Windows users ever learn the equivalent, they will have far fewer virus problems.

      On that firewall bit: My desktop at work was running linux close to 24 hours a day from 1996 to around 2000, and without a firewall. I never had a problem. However, I had disabled most network services.


%d bloggers like this: