Linux Today: Linux News On Internet Time.

Security: FOSS/CSS Updates - Are They Worth Anything?

May 20, 2010, 04:32 (0 Talkback[s])
(Other stories by Gene Alexander)

[ Thanks to Gene Alexander for this link. ]

"The short answer: Updates are worthless if one does not apply them.

"Once again I find myself cleaning malware off of a home user's Microsoft based notebook PC. Once again, while it has anti-virus software installed it was infected by a "drive-by attack" from a web page. It was infected with the Antispyware Soft fake anti-malware nag and FUD software. The installed Norton Antivirus, which is up to date, did nothing to stop this attack and was then disabled after the malware got on the system. What happened?

"As I type this article the notebook PC's Microsoft system is downloading and applying updates. Many updates. At least a couple of years of updates. Maybe more than that. The IE browser was pre-IE8 and was not patched with security updates even then. The Firefox browser, which is set as the default, was also not up to date. If the system had not been infected and given into the care of my company to clean up it would likely never see another software update applied. Even though the system was set to download and apply updates automatically, the scheduled time was set for 3:00 AM. A time when this notebook PC owned by an older lady will never be on."

Complete Story

Related Stories: