[Novalug] Auto-update considered harmful [was: Recommendation(s) sought for LAN traffic monitoring/identification]

Rich Kulawiec rsk@gsp.org
Wed Jan 21 11:34:44 EST 2015


On Wed, Jan 21, 2015 at 03:59:27PM +0000, John Warren via Novalug wrote:
> Which is more harmful, autoupdate or unpatched security holes?

This presumes that all updates fix security holes -- which they don't.

This also presumes that all updates don't introduce security holes -- which
some do.

And even those that *do* fix security holes may not fix exploitable
security holes, e.g., I have certain software installed but not enabled --
so even if it's vulnerable, it's not exploitable unless someone with
root access enables it.  And if someone has root access...

And so on.

There are also an entire set of privacy considerations which don't
seem to be on anybody's radar.

So the problem is not so cut-and-dried as it might appear to be.

---rsk



More information about the Novalug mailing list