• Reasons why to update on-demand software with security updates

    I’ve been asking myself how important it is to update installed software on either desktops or servers that only runs on demand, in order to fix security holes. Say, for example, archiving software that only runs when you open it or an archive file, or the JRE or JDK that I only use for one piece of software, say for example NetBeans. What if my currently installed version contains some kind of security hole? Would it really be necessary to update that software, even though the Java or archiving software doesn’t always run in the background and listen to the outside through some open port?

    This is the opposite of software that actually runs in the background all the time and listens on an open port, like web servers, which is more of a security issue due to remote attacks, or browsers that are used on a daily basis and can be attacked through malicious client-side code, where the security threat is more obvious.

    Is it really necessary to update such software with the latest security updates, even though there is more of a risk of instability due to frequent updating compared to the risk of being the victim of an actual attack?

  • I would say leaving outdated software in between software updated to the latest will also cause instability, mainly because partial updates are not supported by pacman.

  • @joekamprad Thanks for your input, but I’m talking more generally: software with security holes on any kind of OS.

  • Honestly, I don’t see anything wrong with keeping them outdated, other than the fact that at some point they will probably HAVE to be updated in order to work with the rest of the system properly. When/if that time comes, it could be a real hassle to do so.

    There. That’s my opinion, but maybe others’ will differ. Who knows? Maybe I will end up learning something from someone else.

  • So, you would rather have a system with lots of security holes, in which you have no idea where you could be attacked, but in the end it simply works no matter what. Also, you consider any software installed in Linux to be independent, i.e. it does not depend on any other software in the system; that is almost never true in Linux. In the end, if you try to keep some packages downgraded, you will end up with a system that can almost never go forward. For example, Debian-like systems need to provide a new version of their distro every few years, since it is almost impossible to build upon the previous version. That is why you always have to update to be able to go forward in rolling distros like Arch. Manjaro is more conservative in that sense, but you should have heard security concerns from people all the time.

    In the end, it comes down to the philosophy of the distro you are using. What you ask here is really hard to maintain with any rolling distro. Though if you really want to, you can use IgnorePkg to keep them from being upgraded. But it is not very safe, and more open to failure.

    Also, if you start to overlook security issues, considering them not very important, you may create a chain of security problems that becomes really hard to fix along the way. Very dangerous for rolling distros.
