Actually in my opinion the answer to this is common sense. If you have what
it is they are talking about then you update it, if you do not have it; then
you can simply, take note it was updated, the type of exploits and then press
on with life.

1. You wouldn't try to apply an NT service pack to linux would ya?

/mnt/win_c/nt/temp/wine sp6i386_128bit.exe ;o)

2. It's easy to find out what services you have running. A quick way is
using netstat. Another way is to check the process's that are running.
Unless somebody has an exploit to make a service not show up under the
process's list (is there?), eventually you should be able to track even the
most vague service / process down. Compare it to windows..... How did you
tell what was running in windows? Portscan? Process's? Registry? Netstat?
There are other tools as well. nmap, a packetsniffer. okay, you know that
already.

that's my 2cents. - I been running linux a little over a year with no formal
training. I just applied my informal tcp/ip , ipsec knowledge to linux as
an OS. In NT if your not running iiS then why would you patch it? If your
running OS2 why would you even go to microsoft.com? In win 98, if there is a
patch for win95's dun, why would you try to patch it? You wouldn't--I
wouldn't.
Most folks do not patch anything at all, and they are entirely unaware of
IPSEC a firewall or anything else like the difference between a virus, a
worm, and a trojan, I have never met anyone else that really cared about
security and took action to do something about it, reading a big fat book[s]
on tcpip is not what normal folks do in their spare time, because they do not
understand it, they ignore it, or pretend it isn't there. (I know that isn't
us on this list)

To me it's the same logic. I am not a security expert and I leave this to
be judged by anyone who is, or claims to be. ;o)

I agree 100% if you don't use it--yank it off.
I guess you could say use it or loose it. heheh
I've rambled far too much.

On Tuesday 30 January 2001 02:38 pm, you wrote:
> I recommend at least updating all packages that are tagged as "security"
> updates (see the Type column in MandrakeUpdate). There is no reason to
> keep known exploits alive - read about the Ramen worm if you're not sure
> about this. The exploits that made that fiasco possible are quite old.
>
> There is a whole lot of merit to the philosophy that recommends removing
> things you don't use. If your system is compromised, why assure the hacker
> that all of their favorite tools are already loaded?
>
> On Tuesday 30 January 2001 06:15, R Cent wrote:
> > Do most users update ALL the applications that appear in the
> > updater window or are they selective, only choosing the updates
> > for applications they use? I am reserved about updating things
> > I don't use for fear that I'll spoil my Linux installation with
> > a non-essential update. Please advise.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]