We have quite a few computers running Fedora for business use. It’s simply the best OS in the world, there is no comparison. But I have a question. What if we simply stop updating the system as we love it the way it is. I’ve never quite understood the logic behind security updates.
What is the real point of security updates? can bugs get into the firmware, hardware or kernel somehow? even if we run them offline mostly?
Up until recently we had Windows 7 for all our systems as we refused to update to Windows 10, but Windows has an entirely different, more vulnerable and weaker system due to the way the registry works and the entire way it functions is different. So shouldn’t Fedora have a more powerful way of keeping out bugs even without updating.
Updates are not “required”.
What will happen is the system will remain as-is, complete with any potential security holes.
If the systems are not exposed to risks (do not connect to the internet in any way) then that is not an issue. However, web browsing, email, cloud services, etc. have the potential of exposing the system to risks. Many systems do not get routine updates with the frequency that fedora does and seem reasonably secure.
Having good security practices, running firewalls, virus and malware scans, etc. make it a users choice to do updates or not.
With fedora, however, you have to be aware of the rolling releases. Each release gets updates for approximately 1 year after it is released and then goes EOL with no further support or updates. Your call on updates.
Right thanks for explaining that, so the bugs come in from the web. So if we have a great router and those risky ports are blocked then how do these bugs get in? And can you say what do these security updates do specifically
No. The bugs come in when the software is installed or updated. That’s because no matter how careful the programmers are and how thorough the testing is bugs are going to slip by until either somebody looking at the code spots it or it causes problems and get reported. Then, somebody will try to troubleshoot the issue and patch it.
What does come in from the web is trojans and other malicious code designed to help black hats to steal data and/or money. Of course, when one of these is found, somebody has to find a way to keep it from working any more and that too has to be obtained via the Internet.
In general, you can expect that when you first install your system there are always going to be some bugs left in the code and the only way to get rid of them is by updating your system. And, many of the updates add new features or enhance existing ones and the only way to get these new features is by updating your system.
First of all in a connected world you have no chance to leave a system as it is and so from the time of installation you have to update your systems/devices and there is no way out. The main risks are almost human interactions in a complex world and there are many people out there today waiting to attack an unmainted system. You have to play the technology game or you must change the planet without any technical support. Windows world is one of the most excellent system coexisting with many other systems and the often linked together. Don’t try to separate a tightly connected world. It does not matter which system you are using you have to play the “game”.