In a fresh blog post, Linux Mint's leader Clem Lefebvre has written about some statistics on people running out of date software and warned people to ensure they're running updates.
While Linux users often claim they know what they're doing, they're smarter than Windows users and more (I've seen a lot of claims over the years…) plenty still seem to delay or just not run updates it seems. When you hear about new security problems all the time, it's never been more important to stay up to date. Especially your web browser, the last thing you want is to have that and your entire online life compromised!
In the post Lefebvre mentions that only around 30% of users updated their web browser in less than a week, although perhaps much more alarming is that between "5% and 30% of users run Linux Mint 17.x" which has not seen security updates for two years since it reached EOL (end of life).
0% of users should run Linux Mint 17.x! Anything above is not good, whether it’s 5% or 30%.
The actual statistics they have should be taken with your usual pinch of salt, as they vary depending on where you look but either way it's a big reminder to ensure your computers are up to date. Just being on Linux doesn't make you suddenly secure - remember that.
Perhaps it's not surprising though, with Linux Mint often recommended to complete newbies and older users trying out Linux. If you have done a setup for a friend or family member, perhaps give them a nudge about running updates eh?
Article taken from GamingOnLinux.com.
Some you may have missed, popular articles from the last month:
The comments on this article are closed.
Linux distros aimed at non-techies really need to step up their update game.
You don't have to go the Windows-route of being completely obnoxious about it (that's pretty much impossible anyway, as most updates don't require a restart in contrast to Windows), but some reminders with an eventual forced update of critical packages shouldn't be impossible.
You don't have to go the Windows-route of being completely obnoxious about it (that's pretty much impossible anyway, as most updates don't require a restart in contrast to Windows), but some reminders with an eventual forced update of critical packages shouldn't be impossible.
3 Likes, Who?
mmmm but that does kind of defeat one of the main features of linux choice. Some people have the attitude of well its working fine now what if an update borks something especially if they are running mint/ zorin etc and have limited linux esperience. I know how to use timeshift as i have been using it for years but would a windows convert know ? probably not.
5 Likes, Who?
I install updates manually on the machines I use manually, but my NUC HTPC that I only administer over SSH gets its security updates automatically installed with unattended-upgrades. That would seem to be the way to go by default for those distros aimed at new users. It won't help those who stay on a release past EOL, of course, but every little helps.
2 Likes, Who?
Quoting: Whitewolfe80mmmm but that does kind of defeat one of the main features of linux choice.I assume this was a reply to what I wrote?
In that case: How so?
The choice of the myriads of other distros not forcing updates would still be there ;)
But for a system aimed at users with very limited experience, I don't see any downside in taking that choice away.
After all, there is a very clear good and bad choice here. This would merely eliminate the terrible choice of not keeping your software up-to-date.
"But it's running fine!" is what got us ancient software on ancient servers and PCs coming apart at the seams all around the office world.
You can always make it so that someone who knows their way around the terminal and config files can disable the automatic updating of critical packages - but by doing so, that person would have proven they know what they are doing and thus eliminating the user not pressing update "just because".
Either way, before forcing anything, there should be days or weeks of clear notifications shown to the user about what should be updated and why.
At the moment - at least if it is anything like Manjaro - you just get a notification saying "There are updates available" and that's about it. Not exactly a lot of emphasis - which is fine for an Arch distro, but that's not the target audience for Mint I think.
Last edited by TheSHEEEP on 22 February 2021 at 2:22 pm UTC
1 Likes, Who?
I don't see any problem with users not running updates. It's their computer. What they put on it is up to them. I always look at it using the ownership princeple from OOP. An object owned by another object should never give orders to it. It can only inform that something happen.
Same applies here. The user/admin always should be in the highest point in this hierarchy. OS should inform me that there are updates available. But it should never force me in any way to run them. A simple panel icon with pop-up on start is enough. Anything more than that is unneeded and unwanted.
Same applies here. The user/admin always should be in the highest point in this hierarchy. OS should inform me that there are updates available. But it should never force me in any way to run them. A simple panel icon with pop-up on start is enough. Anything more than that is unneeded and unwanted.
3 Likes, Who?
Quoting: RoosterI don't see any problem with users not running updates.
A compromised computer will be used as a beachhead for attacks against others. Good computer hygiene protects all of us. Unpatched software puts us all at risk.
If you're technically proficient enough to read patch notes and make an informed choice of whether this particular update needs to be applied at this particular time then you're more than capable of turning automatic updates off. If you're the kind of user that says "ooh, that looks complicated," then you ought to be protected and not a hazard to everyone else by default.
10 Likes, Who?
Quoting: CatKillerQuoting: RoosterI don't see any problem with users not running updates.
A compromised computer will be used as a beachhead for attacks against others. Good computer hygiene protects all of us. Unpatched software puts us all at risk.
If you're technically proficient enough to read patch notes and make an informed choice of whether this particular update needs to be applied at this particular time then you're more than capable of turning automatic updates off. If you're the kind of user that says "ooh, that looks complicated," then you ought to be protected and not a hazard to everyone else by default.
That's a very dangerous line of thinking you have there.
At first we will be like.. Let's just force updates for non tech users. But what if it won't work. What if we will find out that most not up to date computers are actually run by tech-profound users who willingly choose not to run updates. That makes those users a risk to everyone else as well. To eliminate this risk, we ought to force them do updates too, no? Then you end up with Windows scenario.
No. Updates should never be forced on the user. Nor should auto-updates be enabled by default.
One way to do this is to have the option of enabling auto updates during installation.
1 Likes, Who?
Quoting: RoosterAt first we will be like.. Let's just force updates for non tech users.It's only you that's talking about forcing updates. I'm just saying to enable automatic updates by default to help those that wouldn't be able to enable automatic updates by themselves.
5 Likes, Who?
Quoting: CatKillerpersonally, I think there should be an option to enabled by default in the installer to have auto-updates. one that can't be missed. this way those "technical" users can update or not update when they feel like it. and those users who might not even know there is an update or how to update can in fact receive the updates automatically. I feel like this is a win-win approach. Personally, as a user of Arch-Linux, I update at minimum daily before I shut down for the day and my bf has taken to this approach as well. though my raspberry-pi running ubuntu for pi-hole only gets updated if I happen to need to ssh onto it for some reason...Quoting: RoosterAt first we will be like. Let's just force updates for non tech users.It's only you that's talking about forcing updates. I'm just saying to enable automatic updates by default to help those that wouldn't be able to enable automatic updates by themselves.
Last edited by stephenseiber420 on 22 February 2021 at 5:53 pm UTC
3 Likes, Who?
PublicNuisance Feb 22, 2021
The majority of humans are dumb. Shocking. Most people are too lazy to even perform basic maintenance on their car let alone their computer. Gotta clear that Netflix backlog first, they'll update later.
3 Likes, Who?
Patreon
PayPal
See more from me