What are the risks of keeping LM16?

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

What are the risks of keeping LM16?

Post by Kardosh »

Hello.

I would like to ask how long you think a common user like me (lots of typing, some browsing, torrenting, banking) can stick with Linux Mint 16 before I am too vulnerable?

I read the tutorial saying that I do not need to upgrade to newer version and I would very much like to keep the system that is working perfectly for me (LM17 does not, unfortunately. It even does not work properly on my PC when booting from live USB without any user errors influencing it.) On the other hand, when the LM16 support stops in a few weeks (July 2014?), there are supposed to be security risks. I cannot really imagine what they are. If the system is stable and working, firewall on and set to original settings, the only opened port being the one used for torrents, what sort of problems can I expect if I keep LM16?

Sorry to bother you all with this, but LM16 is my first real attempt to use Linux and it works like a charm while the long-term-support version does not. Which is really bad luck, but if LM 16 is safe for normal use, I could just keep it till the next LTS is issued, hopefully working on my PC.

In short, my answer to the first question here http://community.linuxmint.com/tutorial/view/2 is No, I do not need to upgrade, but then, I would really like to avoid somebody destroying my work (texts in .odt) or using my computer for some illegal activities. And I have no idea what to expect and when to start worrying.

Thank you in advance.

Pierre
Level 19
Posts: 9866
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: What are the risks of keeping LM16?

Post by Pierre »

No, I do not need to upgrade

that's the short answer.

the long answer is always more complicated.
- security is one issue.
- non-updated software is another issue.

if you did indeed "stay with Mint 16" - what would happen ??
- in short - not much.

your PC will be quite use-able for some time.
- eventually you would want to <manually> update some of the software.
like the browser, or the office suite, or something else.
- at that point, you would risk breaking your set-up.

so, you might consider "upgrading" to a later release.

also take my "old" laptop,
- doesn't have a high usage factor.
- still has Mint 5 LTS installed on it.
still works just fine.
- do update FF on occasion. ..
but that's about all.

- it's your call.
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

Thank you. I think I should add an explanation.

I do not like changing my software. If it works, I am happy with a really old version. I came to LibreOffice from MSO2002 just to try the free option; I could use the ancient Office without any problems for years to come. Actually, I am keeping the option open with dual-boot.

I also backup my work to Dropbox at least once a day. It's just text files, small and easy, could fit to a floppy if my PC was big enough to have the drive :)

What I am afraid of is somebody using my Paypal (my other means of banking are secured by secondary verification by phone, so they are OK unless the hacker steals my mobile at the same time) or having to explain to the police something my computer did without me knowing. Spam, DOS attacks, storing illegal files for other to access, such things.

Does any of that happen to Mint users if they do not upgrade? If not, then I will just happily wait for years till the next LTS comes out.
(I tried LM13 supported till 2017, but it cannot even boot in my PC from live USB probably meaning it's out of question.)

Pierre
Level 19
Posts: 9866
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: What are the risks of keeping LM16?

Post by Pierre »

well - Paypal can also be secured via a secondary verification, if that's required.
- banking on a Linux O/S is more secure than banking on a M$ O/S is.

"Spam, DOS attacks, storing illegal files for other to access, such things".
- that stuff can't really occur on a Linux O/S due to its more secure hierarchy.

an unsupported Linux O/S is still more secure than an updated M$ O/S is.
- it's the fact that to install anything, copy anything on a Linux O/S
always requires the use of a password,
& that will stop all of those nasties that plague the M$ O/S.

again, YES, there is a <small> risk in having an unsupported Linux O/S.
so, stay with a LTS - if you are really that concerned.

But: your current Mint 16 - should be just fine, at least in the short term.

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

Unfortunately, I cannot stay with LTS. LM13 cannot even boot on my PC and LM17 has severe problems with my home and work networks (60 kBps speed instead of 1900 kBps) as well as with at least one of the tools I use for work (wine in LM17 does not open the program - does nothing, really - and it's a specialized translation dictionary, not something I could replace with a free alternative).

Amazingly, LM16 works just fine. That is why I am asking all those things. Now it seems the only scare would be somebody getting my password from some sort of remote keylogger using LM16 vulnerabilities if and when they occur. Actually, this seems as a sort of acceptable risk. There is extra security layer for Paypal costing some € 25, and I pay online very rarely. I also type over 10 000 characters every day as my work, so it might be quite inefficient to read several months pile of logs from a keylogger from my system to find the pass... Yes, the future does seem brighter :)

Thank you. And do correct me if I am wrong.

Pierre
Level 19
Posts: 9866
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: What are the risks of keeping LM16?

Post by Pierre »

it's odd that Mint 13 won't work on your PC, as it was a very stable release.

& key-loggers are a M$ issue - they can't work on Mint 16.
- you should be fine.

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

OK, but this gets me back to my original question: If keyloggers don't work in Linux and abusing my machine for some online illegal stuff is prevented by the architecture, and I do not like changes in my software anyway, then what are those security risks I read about when trying to find peace of mind before I posted the question here? I did not find any concrete example of something really bad that happened to an obsolete Linux version user. As somebody who used MS systems since the times of DOS and Norton Commander, I think I know quite a lot about Windows threats and dangers, but I am really dumb in Linux, I am afraid.

What do I risk then from a security point of view? Can anybody provide an example?

Ad. LM 13: I have no idea what is wrong. It starts to boot, then shows black screen with a pixelated smudge on top and that's it. I only tried live USB, but I came to believe that is what I should do before installing a new Linux version. Never mind - I just won't use this version. I tried to use some tweaks for repairing LM17 connectivity issues found in Ubuntu and Mint forums (not specific for that release), but they just made things worse. But, again - nothing forces me to use that particular one. Unless I find some danger in using LM16 which would concern or endanger me in my way of using the computer.

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

I should probably add that I use Opera browser which should receive security updates independently as a program, even if the OS does not.

rloftus
Level 3
Posts: 106
Joined: Sat Mar 02, 2013 6:09 pm

Re: What are the risks of keeping LM16?

Post by rloftus »

There's very little risk. I'm still using Mint 13 myself, and it works fine.

Linux Mint is already more secure than either Windows or Apple, but if you're still concerned about security you can uninstall Firefox and its related applications that may be used as an attack vector, run a system hardening tool like Bastille, install an antivirus for Linux product like Comodo Antivirus for Linux, and run occasional scans with a tool like RkHunter or Chkrootkit.

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

I don't know if I am concerned with security as I have not learned yet what type of attack on my system I can expect as it gets older/obsolete.

BTW, LM 13 is still supported, so it's a rather different thing than keeping LM16 after July 2014.

clfarron4
Level 5
Posts: 511
Joined: Thu Sep 19, 2013 6:20 pm

Re: What are the risks of keeping LM16?

Post by clfarron4 »

Let me put it this way. Once it becomes unsupported, you should be fine for the most part, unless something like HeartBleed happens again.

So, people using Mint 15, upgrade because you're still vulnerable to HeartBleed.
Problems? Tell us EXACTLY what you've done and what you expected to happen, IN DETAIL. That will save us questions, and we should get along better,

I have dysgraphia. This means I might have understood you incorrectly through no fault of my own.

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

Thank you all. I will definitely try new releases as they occur to see if some of them is compatible with my system. Until I find one, I will keep Petra.

daveinuk
Level 7
Posts: 1555
Joined: Tue Mar 23, 2010 7:52 pm
Location: Manchester, England.

Post by daveinuk »

Do your online banking via a live USB and that way you further reduce the risk of being caught out with an outdated OS, in the meantime try out some other OS's like LMDE to see if that helps?

Sent from my I9377 using Tapatalk

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

This is so brilliant in its simplicity. I suppose it occurred to everybody but me... :(
My banking is two-factor and for very occasional PayPal purchases I can use USB stick, even on computers at home which I never used for any financial stuff because my kids have access and viruses or some other malware probably do thrive in those machines. But shouldn't I always conduct updates to the live session? Because the main problem of the current newest version is network speed and the updates when I installed it for real took several very long hours to download. The speed was like 60 kilobytes per second and some of the updates had several megabytes.

As to the Debian version, I will probably try the feel and functionality through a live USB, but I hardly learned some basics for Ubuntu-based distros. I am afraid I would be lost with any more demanding one.

turtlebay777
Level 5
Posts: 549
Joined: Tue Apr 15, 2014 4:56 pm

Re: What are the risks of keeping LM16?

Post by turtlebay777 »

There's no need to constantly update the USB stick, it's LINUX, NOT WINDOWS!

Linux is free from viruses and malware that makes on-line transactions dangerous on Windows. Try and put the Windozey mentality out of your mind, relax and live life normally once more.

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

I believe I live quite normally. What do you mean by "live normally once more" anyway? Like... Before I switched from a typewriter to a -386- with DOS and an Eastern-European imitation of WordPerfect? It was in 1992. I know that for sure because I remember what was the last book I translated using an old Remington. I still have it, but, to be honest, it's much easier and faster to work with a word processor on a computer now.

You might mean normally like before I upgraded from a dial-up to a non-stop cable connection? Or before PayPal was created? Before the banks started providing online services? No, thanks. I would not go back there, either. Not any more. I like the new possibilities. They make my life easier. Sort of.

Before I asked the question, I did search for answers here and elsewhere. The prevailing - I do not know if Windozey, those were Linux resources I searched - mentality said that if you continue to use unsupported version of a Linux distribution, there can be security issues. I just wanted to find out what issues that usually means so that I could apply them to my situation and make an informed decision. There is no need to imply I am not normal anymore because I do not understand the true nature and practical impacts of Linux vulnerabilities. I suppose I will learn those sooner or later; so far I only learned what they are not. Maybe you, the enlightened unwindozed sage, could give me some examples of security issues caused by using unsupported Linux distribution...?

eanfrid
Level 7
Posts: 1857
Joined: Mon Apr 30, 2012 2:49 am
Location: FR

Re: What are the risks of keeping LM16?

Post by eanfrid »

Some real-world thoughts came to me when reading this topic...

Unsecure and unfixed communication software or protocol libraries that would be easily spied upon or cracked

=> Think of WEP encryption for wifi: anyone can break in your "protected" wifi and lurk on your LAN in a matter of a few minutes, using your own Internet connection and maybe attempting to penetrate into your other machines or access to your local network shares... Oh, sorry, your unsecure wifi client software is not able to even use WPA
=> Think of new exploits that can permit to a remote attacker to steal your online credentials (Heartbleed...)
=> Think of web pages flash or other exploits that target your browser and redirect you silently to a fake site from where your credentials will be stolen

Outdated software

=> Think of changes in the online services requiring a mandatory updated version of the client software you use to access them = no more ability to use the service because the new client won't install on your system

I don't even talk about Linux remote exploits that are in the wild. Most of them target web exposed services you may be using on your system (web server, php exploits, sql injection, ftp, ssh and so on). All of them are made only to compromise the system, gain local privileges and take over the system in some way...

An outdated system should not be opened to the Internet or use radio communication protocols.
Main desktop: Debian GNU/Linux Jessie 64bit - MATE
(i5 2400@3.7GHz - 16GB DDR3 - HD6770 w/radeon driver - SSD+RAID1)
Safer than Dropbox

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

Thank you. We are getting there, I think. This is the type of information I am seeking.


I have a few comments to those particular points I would like to check with somebody more knowledgeable than me.

Getting to my wi-fi needs the attacker to be rather close to me to get the signal and also to be there at the time my router/modem combo is on. I turn their power supply off to save electricity when I am not working. Also, the attacker would have to repeat this for weeks, maybe months to get the data I really want to protect, like credit card number or Paypal pass. Am I right to think that or wrong? Please correct me if wrong. That goes for all of the following, too.

I checked: It says WPA, WPA2 security on the wi-fi. I have no idea about these, I only set a 23-character password to keep it safe from local kids who might like to steal some bandwidth. But it's not people physically close to my router I fear. They are relatively few; the chance of a specialized old-ubuntu-version-hacker being one of them is small enough to be dismissed.

I usually check the address of the page in address line and its certificate next to the address when paying online. I thought this was enough to be sure I am really there and not somewhere else.

I do not think I have any client software here. I have no use for that. I suppose the client software issue does not concern me.

Linux remote exploits that are in the wild: Yes, that is the thing I fear. I have a firewall on with incoming set to deny and a single exception for a port used by Transmission program. Can those exploits somehow find me and abuse my computer in some way or another that would lead to personal problems, maybe with the law? Or to have a sniffing program installed somewhere in the system to wait for days, weeks, etc., and get my sensitive information when I eventually use it? If the answer is yes, then I will have to find some other Linux distro in weeks to come - or go back to Windows I kept in dual boot. That would be unfortunate, though - I happened to try a version that worked and I really like it. Bad luck it is ending its support now.

I do not run a server - at least I hope. I only use the PC for lots of typing, some browsing, some music, pics, watching video, sending emails if I really must, like when a finished translation is sent to publisher... And that's it. I do not even play games. Well, maybe flash Mahjongg online, but that would be it.

Reading this topic led me to some preliminary conclusions. It seems nobody can really tell me a particular thing that can be expected with my system when it becomes obsolete, which then implies such things are probably very rare or maybe only theoretical. That would be good news if true.

Did I understand this right?
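
Added example, not part of any post in this thread: one way to test the "I do not run a server - at least I hope" assumption above is to list the sockets listening beyond loopback and compare them with the single port the firewall exception is meant for. The sample `ss -H -tuln` output is constructed, and port 51413 (Transmission's default peer port) is an assumption, since the post does not name the port.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output; not taken from any machine in the thread.
SAMPLE_SS_OUTPUT = """\
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:51413      0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:51413      0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
tcp   LISTEN 0      128             [::]:22            [::]:*
"""

# Assumption: 51413 is Transmission's default peer port; the post does not name the port.
ALLOWED_PORTS = {51413}


def parse_listeners(ss_output):
    """Return (proto, address, port) for every socket line in `ss -tuln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue  # header line or unresolved service name
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and interface suffix
        listeners.append((fields[0], "0.0.0.0" if host == "*" else host, int(port)))
    return listeners


def is_loopback(host):
    """True only when the address is reachable from this machine alone."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than hide it


def unexpected_listeners(ss_output, allowed_ports=ALLOWED_PORTS):
    """Sockets bound to a non-loopback address on a port outside the allow-list."""
    return sorted(
        entry for entry in parse_listeners(ss_output)
        if not is_loopback(entry[1]) and entry[2] not in allowed_ports
    )


if __name__ == "__main__":
    for proto, host, port in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto:4} {host}:{port}  listening beyond loopback, not on the allow-list")
```

A socket reported here is still filtered by an incoming-deny firewall; the list shows which services on an unpatched release would become reachable if that rule were ever relaxed.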

mr_raider
Level 6
Posts: 1318
Joined: Sun Jun 20, 2010 9:50 am
Location: Montreal, QC

Re: What are the risks of keeping LM16?

Post by mr_raider »

if you are dead set on keeping mint 16, I suggest you download virtualbox. You can run mint 17 or whatever within the guest OS and have a fully updated secure release in the guest. You can use your guest for secure online transactions.

You can keep using the host OS for all your day to day work and casual browsing.

Kardosh
Level 2
Posts: 57
Joined: Fri Jun 13, 2014 8:10 am

Re: What are the risks of keeping LM16?

Post by Kardosh »

I am not dead set on keeping the 16. I just cannot make LM 17 work. After trying several LM13s and LMDE I am back in the LM17land. This time it seems everything works apart from the wi-fi, which only achieves one tenth or less of its original speed.

I have not spent so much time trying to make an operating system operate since installing Windows 95 for the first time :(

Everybody says Linux is for those who do not have much to do and like to learn compiling kernels. And you know what? The only way of improving network speed to at least a decent fraction of what it used to be under Win7 I have not tried yet is compiling some special thingy for RTL81188EE wireless card as recommended in ubuntu forum linked from this forum... And Mint was claimed to be the most user-friendly system... I am tired. When I catch up with my work I will probably come back and ask somebody to compile that bleeding kernel-or-what-the-heck-it-is and upload it as an .exe file.

On the upside, work without Internet might be distraction-free and if I really want to do more than just open the simplest websites (those do not time-out with Linux Mint 17 speed), I can always shut the PC down and reboot to Win7 I kept in dual boot.
