Security risk from not updating to latest version

anotheri
Level 1
Posts: 15
Joined: Mon Jan 22, 2018 11:34 pm

Security risk from not updating to latest version

Post by anotheri » Mon Mar 19, 2018 11:56 pm

Been running Linux Mint 18.2 Cinnamon now for 4 months originally installed off a CD I bought on Amazon.

The main reason I switched to Linux was for the increased security. Privacy & security are my #1 concerns however usability/ease of use is important as well and Linux really kicked my butt in that regard, it's been a teeth pulling experience thus far. I can do everything I used to do in Windows except what was a 5 minute problem in Windows is a multi weekend saga on the forums troubleshooting in Linux.

I currently have my update manager policy set to "Just Keep my computer safe".

I update the kernels when prompted to do so through the update manager. Currently using the 4.13.0-37 Kernel, from what I understand updating your kernel is key for security in Linux.

Am I safe as long as I update my Kernel only or do I need to constantly upgrade to the latest versions so like 18.3 Sylvia now and thus forth as the versions come out to remain secure?

I would usually update to the latest and greatest constantly but it took so much time to configure everything perfectly right in my current version I would hate to have to start over again. If I use the "update to 18.3 Sylvia" option in the "update manager", is it like a clean install or will it "migrate" all my settings/configs I set up for me? I have a Ryzen 1600 processor and an Asus X370 board, which is nuts because everywhere left and right people are saying that they can't get Linux to run, can't boot, constant crashes, etc, and I get none of that, everything installed and worked without a hitch for me since day one.

The other question is about LTS releases, like the supposed 19.x series "Tara" that will be coming out. Can I stay secure by just updating my Kernel on 18.2 to whatever the latest kernel is, like the one that will end up being used in Mint 19.x or does it not work like that? Maybe I'm not getting this right... I'm under the impression that what matters isn't so much the "versions" of the OS but the "Kernels", which are a separate thing.


Lastly, if anybody can help clear some anxiety I have every time anything higher than a level 2 update comes up in the manager (like a kernel update) I feel like I'm gonna nuke my computer when I update, so much so that I haven't transferred all my files yet to my Linux PC because I feel like I'll end up bricking it somehow within the year.

Mattyboy
Level 6
Posts: 1159
Joined: Thu Mar 26, 2015 2:17 pm

Re: Security risk from not updating to latest version

Post by Mattyboy » Tue Mar 20, 2018 12:32 am

Most, if not all, of your custom settings are kept in /home.

Installing Linux with separate /boot, /root and /home partitions means you can upgrade from 18.x to 19.x without formatting your /home, so your files and most of your settings will be unaffected. The 'OS' is kept in /root. (Yes, this means a re-install if you didn't set up your initial install this way.)

I only speak from experience but I update everything, always, including kernels, and have never had an issue. It's always advisable to update everything regardless of what OS (operating system) you're using, for security and improvements. The only time I would elect not to install a certain update is if it had a known issue on my system. That's happened to me once, on a beta version, and the problem was solved by the development team the next day.

Updating your kernel should be of little worry because you can simply boot your system to the previous kernel from the advanced option of GRUB at boot if anything nasty happens. (Press and hold shift or esc to see the GRUB menu when you power on the computer if you don't see it.)

LTS = Long time support, exactly as it says. Mint is based on the LTS versions of Ubuntu and will be supported for the lifetime of that version.
Mint 18 on Ubuntu 16.04 LTS, expires 2021-04.
Mint 19 on Ubuntu 18.04 LTS.

You can upgrade a Mint system in its own series 18.1 - 18.2 - 18.3 but if you wish to use Mint 19 you'll have to do a re-install (see the first paragraph regarding the /home partition).

You can go ahead and update to 18.3 and you should be fine. It comes with a very handy program called 'timeshift', make this program a first priority. It takes a snapshot of your system (not /home files) and can be used to restore your system from any point you make. Five to ten minutes and it's done. This will save you if the worst happens.

Some basics for you :)

smurphos
Level 5
Posts: 927
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: Security risk from not updating to latest version

Post by smurphos » Tue Mar 20, 2018 12:57 am

All of the 18.x series are equally supported with security updates until the 18.x series ends support in 2021. The only thing you miss out on by not upgrading within the 18.x series are new features and sometimes 'minor' bugfixes in the components maintained by the Mint team. You are doing the right thing applying all the security updates in level 3 and 4 including the kernel updates. By August 2018 Mint 18.x will have the 4.15.x kernel which will be the same kernel as Mint 19.

The upgrade process from 18.2 to 18.3 is generally straightforward - see - https://blog.linuxmint.com/?p=3462. It's not a fresh install - all your existing data and applications should remain intact.

However it's wise to follow the recommendation to install timeshift and set it up to save system backups prior to an upgrade.

Timeshift is also your safety net should it ever be required for a level 3 or 4 security update. Once you're familiar with timeshift and have satisfied yourself that you can use it to restore the system you could consider applying non security level 3 and level 4 updates. They may contain important non-security bug fixes.

When Mint 19 comes out, based on previous form it is likely that the Mint team will provide an upgrade path from 18.3 - this will be more convoluted and potentially risky than an upgrade from say 18.2 to 18.3. The majority of users on the forum will tell you to avoid doing that and when the time comes to move to 19 do it as a fresh install from a newly downloaded and verified iso. It may be that the availability of timeshift reduces the level of concern.

Again personally I have one machine that started on 17.something and has been consistently upgraded including the tricky update from 17.3 to 18 and is now on 18.3 - it's fine. Another started on 18 and is now on 18.3 also fine - one person's experience only though.

Please note that timeshift is a system restore tool not a user data backup. If you are concerned about bringing your user data onto your machine just make sure you have a suitable backup system in place for your user data using either Mint's user data backup utility, a third party one such as Aptik (same developer as timeshift - unfortunately you need to use a PPA to install it) or a simple command line based backup using rsync.
anotheri wrote:
Mon Mar 19, 2018 11:56 pm
Been running Linux Mint 18.2 Cinnamon now for 4 months originally installed off a CD I bought on Amazon.
In a particularly cautious and/or cynical frame of mind I would say that is your only potential issue. I take it the vendor is trustworthy and you verified the image on the CD as genuine?

Cosmo.
Level 23
Posts: 17830
Joined: Sat Dec 06, 2014 7:34 am

Re: Security risk from not updating to latest version

Post by Cosmo. » Tue Mar 20, 2018 6:46 am

anotheri wrote:
Mon Mar 19, 2018 11:56 pm
Am I safe as long as I update my Kernel only
No. If you omit all the other security updates, then you are not safe.
anotheri wrote:
Mon Mar 19, 2018 11:56 pm
or do I need to constantly upgrade to the latest versions so like 18.3 Sylvia now
No. Until 2021 your system gets supported, that means, that security updates get offered if needed.
anotheri wrote:
Mon Mar 19, 2018 11:56 pm
The other question is about LTS releases, like the supposed 19.x series "Tara" that will be coming out. Can I stay secure by just updating my Kernel on 18.2 to whatever the latest kernel is, like the one that will end up being used in Mint 19.x or does it not work like that? Maybe I'm not getting this right... I'm under the impression that what matters isn't so much the "versions" of the OS but the "Kernels", which are a separate thing.
Again, updating the kernel is not enough. On the other hand until 2021 you can stay with 18.2, if you want. You can also switch to LM 19 if you want, this is solely your decision. Details cannot be said about LM 19, as long as nobody has seen it. When LM 19 has arrived you have still several years to make a decision and to upgrade - or not.
anotheri wrote:
Mon Mar 19, 2018 11:56 pm
Lastly, if anybody can help clear some anxiety I have every time anything higher than a level 2 update comes up in the manager (like a kernel update) I feel like I'm gonna nuke my computer when I update, so much so that I haven't transfered all my files yet to my Linux PC because I feel like I'll end up bricking it somehow within the year.
By using TimeShift you can revert the system with a few clicks to a previous state without losing your user data. It is strongly recommended.
Besides that: User data should be regularly backed up anyway. Not backed up data are superfluous data by user's decision. Take a look at Back in Time, a very good and fine configurable backup tool.

P.S. All this has nothing to do with hardware (where you placed your thread).
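
The point made in the replies above, that kernel updates alone do not cover the security fixes, as an added example that is not part of the original thread: it splits `apt list --upgradable` output into kernel security updates, other security updates and everything else. It assumes security fixes arrive through a pocket whose name ends in `-security` (as on the Ubuntu base Mint 18 uses); `classify_updates`, the package names and the versions in the sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify pending upgrades by archive pocket and package type.
# Input is `apt list --upgradable` output on stdin, one package per line:
#   name/pocket[,pocket...] version arch [upgradable from: old-version]

# Constructed sample (package names and versions are illustrative only).
sample_upgradable() {
  cat <<'EOF'
Listing...
libssl1.0.0/xenial-updates,xenial-security 1.0.2g-1sample2 amd64 [upgradable from: 1.0.2g-1sample1]
linux-image-generic-hwe-16.04/xenial-updates,xenial-security 4.13.0.38.1 amd64 [upgradable from: 4.13.0.37.1]
mintupdate/sylvia 5.3.5 all [upgradable from: 5.3.4]
sudo/xenial-security 1.8.16-0sample2 amd64 [upgradable from: 1.8.16-0sample1]
vlc/xenial-updates 2.2.2-5sample2 amd64 [upgradable from: 2.2.2-5sample1]
EOF
}

# classify_updates summary -> one line of counts
# classify_updates list    -> names of non-kernel security updates, one per line
# Assumption: security fixes are published in a pocket named <codename>-security.
classify_updates() {
  awk -F'[/ ]' -v mode="${1:-summary}" '
    !/\[upgradable from:/ { next }            # skip "Listing..." and other noise
    {
      security = ($2 ~ /-security,/ || $2 ~ /-security$/)
      kernel   = ($1 ~ /^linux-(image|headers|modules|generic|signed)/)
      if (security && kernel) ksec++
      else if (security)      { osec++; if (mode == "list") print $1 }
      else                    other++
    }
    END {
      if (mode == "summary")
        printf "kernel_security=%d other_security=%d non_security=%d\n", ksec, osec, other
    }'
}

# On a live system (apt prints a CLI-stability warning on stderr):
#   apt list --upgradable 2>/dev/null | classify_updates list
sample_upgradable | classify_updates summary
```

In the constructed sample two of the three pending security updates are not kernel packages, which is exactly what a kernel-only update habit would leave unpatched.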

anotheri
Level 1
Posts: 15
Joined: Mon Jan 22, 2018 11:34 pm

Re: Security risk from not updating to latest version

Post by anotheri » Sun Mar 25, 2018 7:19 pm

smurphos wrote:
Tue Mar 20, 2018 12:57 am
In a particularly cautious and/or cynical frame of mind I would say that is your only potential issue. I take it the vendor is trustworthy and you verified the image on the CD as genuine?
I did not, naively I must say. I originally installed Linux as a joke, sort of just something to see if my home brew PC would boot while I waited for a physical copy of Win 10 in the mail. Ended up liking it and here we are 4 months later.

I know it's possible but do you really think a reputable vendor on Amazon went through the trouble of re-building some kind of malicious compromised/backdoored Linux version, burned it to CDs and sold them? I got the firewall set up and my router set up to monitor connections and I don't see anything funny.

Schultz
Level 6
Posts: 1181
Joined: Thu Feb 25, 2016 8:57 pm

Re: Security risk from not updating to latest version

Post by Schultz » Sun Mar 25, 2018 7:42 pm

anotheri wrote:
I know it's possible but do you really think a reputable vendor on Amazon went through the trouble of re-building some kind of malicious compromised/backdoored Linux version, burned it to CDs and sold them?
I guess the real question is: just how "reputable" is the vendor? In any case, why would you pay for something that you could download for free? The only reason I'd do that is if I were on dial-up internet.

smurphos
Level 5
Posts: 927
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: Security risk from not updating to latest version

Post by smurphos » Mon Mar 26, 2018 12:53 am

Assuming you still have the disc you can still verify it as untampered with now - https://linuxmint.com/verify.php
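
A sketch of the disc check suggested above, as an added example that is not part of the original thread or of the Linux Mint instructions: it compares an image, or a raw read of a disc, with the entry for that ISO in the published hash list. The helper names `expected_hash` and `verify_image` are hypothetical, the file names `sha256sum.txt` and `sha256sum.txt.gpg` are assumed to be those published alongside the ISO, and the demo files are constructed stand-ins.

```shell
#!/usr/bin/env bash
# Added example: compare a disc or image against an entry in sha256sum.txt.

# expected_hash <sha256sum.txt> <iso-name>: print the listed hash for one ISO.
# List lines look like "<64 hex chars> *<iso-name>" (the "*" marks binary mode).
expected_hash() {
  awk -v want="$2" '{ name = $2; sub(/^\*/, "", name) }
                    name == want { print $1; found = 1 }
                    END { exit !found }' "$1"
}

# verify_image <image-or-device> <sha256sum.txt> <iso-name> [size-in-bytes]
# A raw read of an optical drive can return padding after the image, so pass
# the ISO size in bytes to hash only that many bytes of the device.
verify_image() {
  src=$1 list=$2 name=$3 size=${4:-}
  want=$(expected_hash "$list" "$name") || { echo "no entry for $name" >&2; return 2; }
  if [ -n "$size" ]; then
    got=$(head -c "$size" "$src" | sha256sum | cut -d' ' -f1)
  else
    got=$(sha256sum "$src" | cut -d' ' -f1)
  fi
  [ "$got" = "$want" ]
}

# The hash list is only as trustworthy as its signature. With the Linux Mint
# signing key already imported into the local keyring (assumed file names):
#   gpg --verify sha256sum.txt.gpg sha256sum.txt

# Constructed demo: a stand-in "ISO", a padded copy (as a disc read might
# look) and a copy with one byte changed. Remove $demo_dir when done.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for an ISO image\n' > "$demo_dir/sample.iso"
(cd "$demo_dir" && sha256sum -b sample.iso > sha256sum.txt)
iso_size=$(( $(wc -c < "$demo_dir/sample.iso") ))
{ cat "$demo_dir/sample.iso"; head -c 2048 /dev/zero; } > "$demo_dir/disc.raw"
sed 's/stand-in/stand-IN/' "$demo_dir/sample.iso" > "$demo_dir/tampered.iso"

verify_image "$demo_dir/disc.raw" "$demo_dir/sha256sum.txt" sample.iso "$iso_size" \
  && echo "padded read matches when limited to the ISO size"
```

For a real disc the first argument would be the optical drive's device node and the size would be that of the ISO as downloaded from a mirror.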

michael louwe
Level 8
Posts: 2318
Joined: Sun Sep 11, 2016 11:18 pm

Re: Security risk from not updating to latest version

Post by michael louwe » Mon Mar 26, 2018 5:27 am

@ anotheri, .......
anotheri wrote:I update the kernels when prompted to do so through the update manager. Currently using the 4.13.0-37 Kernel, from what I understand updating your kernel is key for security in Linux.
.
In general, new computer hardware requires new Linux kernel and old computer hardware requires old kernel. This is the main purpose for the introduction of new Linux kernels, ie HWE or Hardware Enablement, and mainly not for security. ... eg https://www.phoronix.com/scan.php?page= ... -416&num=1 (25 Mar 2018 - Linux 3.17 To Linux 4.16 Kernel Benchmarks On Intel Gulftown & Haswell Hardware)
.
A LM user can likely still run the 2016-released LM 18.x with kernel 4.4 LTS securely on a 2008 computer until EOL in April 2021 by installing all the security updates, including those for kernel 4.4.
....... It is probable that such an old computer will not be able to run LM 19.0 which will come with kernel 4.15 LTS = buy new computer. Similarly, most Win XP-era computers(= early 2000s) cannot run the 2012-released Win 8.x or Win 10, but can likely still run the 2009-released Win 7 until EOL in 2020 = thereafter, buy new computer.
