Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
How much do you trust Debian?
-
- Posts: 296
- Joined: 2015-06-07 14:38
- Has thanked: 11 times
- Been thanked: 32 times
Re: How much do you trust Debian?
I don't think anyone can blame Debian or any other Distro for security issues. No software is perfect, all you can do is find the one with the most open and transparent development environment. That being said I saw a link to an article on LinuxQuestions.org. I am not a developer but it all makes sense to me. Security just isn't a priority for most devs. I'm sure it is for some but certainly not all.
The article
https://go.theregister.com/feed/www.the ... re_column/
The article
https://go.theregister.com/feed/www.the ... re_column/
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: How much do you trust Debian?
^ The above article references this one:
https://www.theregister.com/2022/01/18/ ... h_tuesday/
Well paid software developers working for multi-billion BigTech company are issuing security fixes which are completely broken.
Most likely those patches have caused multi-million losses in total, for hundreds of companies that are using Microsoft Servers and Hyper-V.
I'm using Debian as my main OS for ~13 years now, and after thousands of updates/upgrades I've experienced only a single, easy to fix problem with one of backported packages: link
It's true that some security issues are discovered from time to time in Debian/Linux kernel, but somehow I've never heard about a situation where hundreds of thousands of Linux machines get suddenly infected by some unknown virus.
For closed-source software massive global infections are quite frequent.
I would say that this is because all the Debian/Linux bugs are discovered *before* any attack - so the time window for preparing a global attack is very short (because most systems are immediately updated) -> In closed-source software the security-related bugs are discovered *after* the attack.
At least, this is what the stats are showing
https://www.theregister.com/2022/01/18/ ... h_tuesday/
Well paid software developers working for multi-billion BigTech company are issuing security fixes which are completely broken.
Most likely those patches have caused multi-million losses in total, for hundreds of companies that are using Microsoft Servers and Hyper-V.
I'm using Debian as my main OS for ~13 years now, and after thousands of updates/upgrades I've experienced only a single, easy to fix problem with one of backported packages: link
It's true that some security issues are discovered from time to time in Debian/Linux kernel, but somehow I've never heard about a situation where hundreds of thousands of Linux machines get suddenly infected by some unknown virus.
For closed-source software massive global infections are quite frequent.
I would say that this is because all the Debian/Linux bugs are discovered *before* any attack - so the time window for preparing a global attack is very short (because most systems are immediately updated) -> In closed-source software the security-related bugs are discovered *after* the attack.
At least, this is what the stats are showing
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
- argentwolf
- Posts: 201
- Joined: 2021-09-05 23:21
- Has thanked: 185 times
- Been thanked: 15 times
Re: How much do you trust Debian?
Whew! I guess then it's a relief that Debian doesn't participate in these sectors: "defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services." #TNO
"CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks"
https://thehackernews.com/2022/02/cisa- ... evere.html
"Cybercriminals Target Linux‑Based Systems With Ransomware and Cryptojacking Attacks"
https://news.vmware.com/releases/cyberc ... ng-attacks
"CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks"
https://thehackernews.com/2022/02/cisa- ... evere.html
"Cybercriminals Target Linux‑Based Systems With Ransomware and Cryptojacking Attacks"
https://news.vmware.com/releases/cyberc ... ng-attacks
Vanguard Debian, because nothing's worse than doing nothing, whimsically!
32-bit | 2 Duo T5270 @ 1.40GHz x 2 CPU | 3.9GiB RAM | NV86 117MiB GPU | 465.76GiB SSD
64-bit | i7-4790 @ 3.60GHz x 8 CPU | 15.6GiB RAM | NVD9 1.9GiB GPU | 931.51GiB SSD
32-bit | 2 Duo T5270 @ 1.40GHz x 2 CPU | 3.9GiB RAM | NV86 117MiB GPU | 465.76GiB SSD
64-bit | i7-4790 @ 3.60GHz x 8 CPU | 15.6GiB RAM | NVD9 1.9GiB GPU | 931.51GiB SSD
- Onsemeliot
- Posts: 333
- Joined: 2010-12-15 14:43
- Has thanked: 20 times
- Been thanked: 5 times
Re: How much do you trust Debian?
Isn't RSIC-V just the base on which corporations most likely will build proprietary CPUs on? I guess even with RISC-V as the standard we might not see any free hardware because it would still be to difficult to actually build chips for smaller companies that might want to create free hardware. Or do I get something wrong here?
But to the main question of this discussion: I wouldn't say that I can fully trust any operating system. Especially because I can't audit it myself (even if I did understand enough to do so in principle the amount of stuff to check is just hopeless). But I think we do have the same problem everywhere: Of course the arguments for the earth not being flat are rather convincing but even the classic practical test of looking at a ship sinking behind the horizon on the sea is not a full proof. And travelling around the world wouldn't really help either since I am not capable of ensuring I wouldn't go in a circle on such great distances.
So, in essence I think there is much less reason to suspect Debian to be hijacked by malicious interests than almost any other system I could probably use. I use it since about 2008 and am still rather happy with it. I wouldn't want to move back to Windows or over to MacIntosh. (Don't get me started on mobile devices!)
All systems have issues and especially the obviously avoidable ones annoy me. It is much easier for me to accept that a program is buggy due to an error than due to some commercial interest. And everything considered, Debian has much fewer of such avoidable annoyances than most other operating systems that would be available to me. Therefore, I am proud to be a long time user and financial supporter of the project. (Unfortunately I can't contribute any coding skills.)
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: How much do you trust Debian?
Who's using Debian?argentwolf wrote: ↑2022-02-11 11:15 Whew! I guess then it's a relief that Debian doesn't participate in these sectors: "defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services." #TNO
This list contains only those companies and organizations who decided to support Debian by showing that Debian is their OS of choice.
My company uses ~30 Debian systems, but it is not listed - just like many others.
And another list: List_of_Linux_adopters
This article doesn't even contain words Debian or Linux.argentwolf wrote: ↑2022-02-11 11:15 "CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks"
https://thehackernews.com/2022/02/cisa- ... evere.html
Recently a new IT sub-market emerged: lots of software companies want to sell ridiculously expensive threat scanners, with ridiculously expensive hotline support (You can count on our "experts" ) -> vmware is not an exception, and You can easily find tons of similar articles.argentwolf wrote: ↑2022-02-11 11:15 "Cybercriminals Target Linux‑Based Systems With Ransomware and Cryptojacking Attacks"
https://news.vmware.com/releases/cyberc ... ng-attacks
This is just a standard set of bullshits used to hack customer's brains and convince them to drop lots of money in a mud.
Anyway, I've said that I've never heard of a successful massive attack on Linux systems - the above article doesn't prove the opposite.
Yes. It is even guaranteed in the RISC-V ISA specification.Onsemeliot wrote: ↑2022-02-11 13:23 Isn't RSIC-V just the base on which corporations most likely will build proprietary CPUs on?
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
-
- Posts: 37
- Joined: 2021-12-10 11:59
- Been thanked: 3 times
Re: How much do you trust Debian?
So, in general, I believe there is far less cause to suspect Debian of being hacked by hostile actors than practically any other system I might use. I've been using it since around 2008 and am still quite pleased with it. I don't want to go back to Windows or go to Mac.
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: How much do you trust Debian?
Generally, Yes -> but You should be aware of the fact, that by using 3rd party sources like flatpak, appimage, snap, ubuntu ppa's, etc You're taking full responsibility for Your OS - nobody can guarantee that those sources of binary blobs are safe.clementishutin wrote: ↑2022-03-01 13:10 So, in general, I believe there is far less cause to suspect Debian of being hacked by hostile actors than practically any other system I might use. I've been using it since around 2008 and am still quite pleased with it. I don't want to go back to Windows or go to Mac.
If You absolutely need a newer version of some program, compile it from source.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
-
- Posts: 32
- Joined: 2013-05-15 23:13
- Location: Auckland, New Zealand
- Has thanked: 14 times
- Been thanked: 2 times
Re: How much do you trust Debian?
I don't necessarily trust Debian or GNU/Linux per se, I just like the way it works, like most computers used to work before MS came along and despoiled the ecosystem.
Windows makes me wanna take a hammer to my PC even though I only run it in VBox ... I'm just glad there are alternatives
Windows makes me wanna take a hammer to my PC even though I only run it in VBox ... I'm just glad there are alternatives
Re: How much do you trust Debian?
I trust debian 100%.. ive realised apps are getting better and more stable as times goes by... you can feel it.. less crashes in apps likle kdenlive , handbrake, all of them... my internet browser hasnt crashed again since i installed.. plasma desktop hasnt crash once again since buster version, everithing feels smooth and stable like a charm.. bullseyes is a great, great distriburion along plasma kde...
I HIGHLY RECOMMEND YOU this winner combination: BTRFS+DEBIAN STABLE+PLASMA KDE
I HIGHLY RECOMMEND YOU this winner combination: BTRFS+DEBIAN STABLE+PLASMA KDE
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...
-
- Posts: 241
- Joined: 2021-04-06 22:14
- Location: Sweden / Linköping
- Has thanked: 7 times
- Been thanked: 9 times
Re: How much do you trust Debian?
Interesting thread
I do not trust anything or anyone.. not even myself to 100%
No operating system is completely secure... if that existed, then everyone would use it and abandon everything else.
No system is more secure than the user himself.
If you take a Windows 2000 computer with a configured software firewall, turn it on and no one uses it.. then the computer is secure.
If you take the latest version of any linux distro .. turn it on and a user installs a virus/trojan/ransomware.. then the computer is compromised.
I only trust systems that I have a 100% understanding of how it works, how it do the different things and why it does things.
And as I (the user) is the weak link, then I want to be able to monitor the system in real time so i can see if something happens that shouldn't happen. what processes is running, network activity, harddisk activity, etc.
and I always have a software firewall on each computer to have total control over which programs/processes is allowed for outbound access. So if I do something stupid, like install a cool desktop gadget from a website (like evil gnome) or some ransomware, then it can't send data or spread in the network as that program doesn't have an applied outbound rule.
So at present time, I can make a win7(EOL) computer more secured then my Debian and LMDE computers. Why? is it because win7 is more secure? absolutely not.
It is just because I know windows systems and have 30+years experience of microsoft OS and a sysadmin education(14years old)... but I only have around 2years active self-tough experience of linux systems.. and I can't expect to get the same amount of knowledge in only 2years.. But I hope to get there with time, patience and stubbornness. I just love Debian.. Debian is my future.
I do not trust anything or anyone.. not even myself to 100%
No operating system is completely secure... if that existed, then everyone would use it and abandon everything else.
No system is more secure than the user himself.
If you take a Windows 2000 computer with a configured software firewall, turn it on and no one uses it.. then the computer is secure.
If you take the latest version of any linux distro .. turn it on and a user installs a virus/trojan/ransomware.. then the computer is compromised.
I only trust systems that I have a 100% understanding of how it works, how it do the different things and why it does things.
And as I (the user) is the weak link, then I want to be able to monitor the system in real time so i can see if something happens that shouldn't happen. what processes is running, network activity, harddisk activity, etc.
and I always have a software firewall on each computer to have total control over which programs/processes is allowed for outbound access. So if I do something stupid, like install a cool desktop gadget from a website (like evil gnome) or some ransomware, then it can't send data or spread in the network as that program doesn't have an applied outbound rule.
So at present time, I can make a win7(EOL) computer more secured then my Debian and LMDE computers. Why? is it because win7 is more secure? absolutely not.
It is just because I know windows systems and have 30+years experience of microsoft OS and a sysadmin education(14years old)... but I only have around 2years active self-tough experience of linux systems.. and I can't expect to get the same amount of knowledge in only 2years.. But I hope to get there with time, patience and stubbornness. I just love Debian.. Debian is my future.
Why make things complicated in life, if you can make it easier for yourself... Do it. ;o)
You only have one life, so make the most of it and enjoy it while you can.
You only have one life, so make the most of it and enjoy it while you can.
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: How much do you trust Debian?
Not really - many companies are using "some OS" of their choice only because they naively believe in paid support - which gives only an illusion of safety, not to mention that such support itself is a threat to production systems.
Really? W2K is not supported by any of the web browsers today -> Are You trying to tell that Microshit Internet Exploder v6.0 is safe?
You can't know how the Winblows works without reviewing its source code. Even Microshit doesn't know how their OS works - that's why almost every update results in regressions of some kindMarie SWE wrote: ↑2022-03-19 22:38 I only trust systems that I have a 100% understanding of how it works,
(...)
So at present time, I can make a win7(EOL) computer more secured then my Debian and LMDE computers. Why? is it because win7 is more secure? absolutely not.
It is just because I know windows systems and have 30+years experience of microsoft OS and a sysadmin education
... Why are You spamming this thread with such utter bullshits?
IMO Your post should be considered a spam - and deleted.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
-
- Posts: 241
- Joined: 2021-04-06 22:14
- Location: Sweden / Linköping
- Has thanked: 7 times
- Been thanked: 9 times
Re: How much do you trust Debian?
I just made a point.. (turn it on and no one uses it) and the next point was ( a user installs a virus/trojan/ransomware.. then the computer is compromised.)LE_746F6D617A7A69 wrote: ↑2022-03-22 21:25Not really - many companies are using "some OS" of their choice only because they naively believe in paid support - which gives only an illusion of safety, not to mention that such support itself is a threat to production systems.
Really? W2K is not supported by any of the web browsers today -> Are You trying to tell that Microshit Internet Exploder v6.0 is safe?
You can't know how the Winblows works without reviewing its source code. Even Microshit doesn't know how their OS works - that's why almost every update results in regressions of some kindMarie SWE wrote: ↑2022-03-19 22:38 I only trust systems that I have a 100% understanding of how it works,
(...)
So at present time, I can make a win7(EOL) computer more secured then my Debian and LMDE computers. Why? is it because win7 is more secure? absolutely not.
It is just because I know windows systems and have 30+years experience of microsoft OS and a sysadmin education
... Why are You spamming this thread with such utter bullshits?
IMO Your post should be considered a spam - and deleted.
The moral cake is, that it is the user that is the weak link in all systems, not the system itself. So Yes Debian is safe if the user doesn't do anything stupid.
And I never said anything about IE6... I said no one uses the computer. so that is, no one starts IE6 or any other programs that goes online
Why make things complicated in life, if you can make it easier for yourself... Do it. ;o)
You only have one life, so make the most of it and enjoy it while you can.
You only have one life, so make the most of it and enjoy it while you can.
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: How much do you trust Debian?
You seem to be a clever person - but the above makes completely no sense - what's the use case then? ... and how it is different from using up-to-date OS?
Today, MS Winblows, Boogle Bandroid, and idiotOS have built-in spying functionality - they are no different from old-fashioned trojans.
Debian by default does not contain any spying software (well, there is a popcon, but it's an opt-in)
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
Re: How much do you trust Debian?
I mostly trust Debian. The only reservation I have was produced by recent periods where chromium was not being updated. At first I thought that the CVE's did not apply to Debian and it just wasn't being updated for the sake of stability. Then bug reports began to appear citing multiple vulnerabilities. And it still wasn't being updated. Thankfully, that problem seems to have been resolved but I still wonder about the possibility of this happening on packages where I am less aware of what's going on.
However it's worth saying that Ubuntu Thunderbird is stuck on 91.5.0 where as the current release is 91.7.0. There was an important update to 91.6.2 that fixed a couple of zero day exploits.
As far as I can tell (though I'm no expert) Thunderbird is just as affected by these vulnerabilities as Firefox is. What makes this different than the Debian chromium situation is that that was a single maintainer that wasn't updating Chromium. But Ubuntu Thunderbird is in the "main" repository (when I checked on the Ubuntu live usb) which my understanding is that it's maintained by Canonical itself. This just seems to me to be beyond the pale for Canonical itself allowing zero day exploits to be part of Thunderbird. But I don't understand everything so maybe I'm missing something. But that concerns me.
Debian updated to 91.6.2 on March 8, three days after the March 5 release of 91.6.2.
However it's worth saying that Ubuntu Thunderbird is stuck on 91.5.0 where as the current release is 91.7.0. There was an important update to 91.6.2 that fixed a couple of zero day exploits.
https://www.mozilla.org/en-US/security/ ... sa2022-09/Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0
Announced
March 5, 2022
Impact
high
Products
Firefox, Firefox ESR, Firefox for Android, Focus, Thunderbird
Fixed in
Firefox 97.0.2
Firefox ESR 91.6.1
Firefox for Android 97.3
Focus 97.3
Thunderbird 91.6.2
#CVE-2022-26485: Use-after-free in XSLT parameter processing
Reporter
Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA
Impact
critical
Description
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.
References
Bug 1758062
#CVE-2022-26486: Use-after-free in WebGPU IPC Framework
Reporter
Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA
Impact
critical
Description
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
References
Bug 1758070
As far as I can tell (though I'm no expert) Thunderbird is just as affected by these vulnerabilities as Firefox is. What makes this different than the Debian chromium situation is that that was a single maintainer that wasn't updating Chromium. But Ubuntu Thunderbird is in the "main" repository (when I checked on the Ubuntu live usb) which my understanding is that it's maintained by Canonical itself. This just seems to me to be beyond the pale for Canonical itself allowing zero day exploits to be part of Thunderbird. But I don't understand everything so maybe I'm missing something. But that concerns me.
Debian updated to 91.6.2 on March 8, three days after the March 5 release of 91.6.2.
https://www.thunderbird.net/en-US/thund ... easenotes/Version 91.6.2, first offered to channel users on March 5, 2022
https://tracker.debian.org/pkg/thunderbird[2022-03-08] Accepted thunderbird 1:91.6.2-1~deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Carsten Schoenert)
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: How much do you trust Debian?
I'm watching the CVE's very carefully - the thing is, that CVE database is only providing a "hints" - to analyse the threat, You have to understand the code and try to execute the POC example.
The "use after free" CVE's vulnerabilities are extremely hard to use outside of laboratory -> in our world the safety of computers is foremost a business
F.e. the "Dirty pipe" (CVE-2022-0847) has been rated as "critical", but it's a local privilege escalation case - it can't be used without preparing the system for the attack.
The "use after free" CVE's vulnerabilities are extremely hard to use outside of laboratory -> in our world the safety of computers is foremost a business
F.e. the "Dirty pipe" (CVE-2022-0847) has been rated as "critical", but it's a local privilege escalation case - it can't be used without preparing the system for the attack.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
-
- Posts: 241
- Joined: 2021-04-06 22:14
- Location: Sweden / Linköping
- Has thanked: 7 times
- Been thanked: 9 times
Re: How much do you trust Debian?
If you have a computer behind a firewall that is totally blocked for incoming traffic, and no one does something stupid, it cant get accessed from the outside. updated or not. EDIT(you also need outbound rules and block by default to stop unwanted outgoing traffic (calling home (example win-Logitech mousepad))LE_746F6D617A7A69 wrote: ↑2022-03-22 22:17You seem to be a clever person - but the above makes completely no sense - what's the use case then? ... and how it is different from using up-to-date OS?
How did Linux computers get infected by EvilGnome? https://thehackernews.com/2019/07/linux ... yware.html
The answer is, it had to be installed by the user. The system wasn't the problem, the user was. Do you see my point now?
I don't want it to become a windows discussion on a Linux debian forums, so if you want more details we can take that by PM.LE_746F6D617A7A69 wrote: ↑2022-03-22 22:17Today, MS Winblows, Boogle Bandroid, and idiotOS have built-in spying functionality - they are no different from old-fashioned trojans.
Debian by default does not contain any spying software (well, there is a popcon, but it's an opt-in)
Sort answer. yes win10 is called win10spyware and if it wasn't for EULA, every court in the world would have a law class action against microsoft as a spyware company.. and some country's does. And then all antivirus companies in the world would blacklist windows as a virus..
The biggest problem with win10+11 is, it is a rolling release, it's hard to rip out all the spyware as it's gets installed again with next rollup. In win xp, vista, 7 and 8 it is possible to rip it out and it's stays out if you watch out what updates to install or not. (and you breaks some functions when you rip out the spyware in 10 and 11)
The look on 8, 10, 11 and the rolling release of 10+11 was the main reason that I abandon wincrap... so never-ever-ever winblows for me again.. it's totally crap from the ground up.
Why make things complicated in life, if you can make it easier for yourself... Do it. ;o)
You only have one life, so make the most of it and enjoy it while you can.
You only have one life, so make the most of it and enjoy it while you can.
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: How much do you trust Debian?
Really? You have 14 years of experience as an Winblows admin?
Windows itself creates outgoing connections to WindowsUpdate servers, and that addresses can be spoofed -> in fact, this still works with win10
Hmm, it's You who have started spamming this thread with unrelated bullshits about how it is safe to use a 22 years old Microshit systems ...
Good night.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
-
- Posts: 241
- Joined: 2021-04-06 22:14
- Location: Sweden / Linköping
- Has thanked: 7 times
- Been thanked: 9 times
Re: How much do you trust Debian?
And how should win update call out if you have stop it?LE_746F6D617A7A69 wrote: ↑2022-03-22 23:53Really? You have 14 years of experience as an Winblows admin?
Windows itself creates outgoing connections to WindowsUpdate servers, and that addresses can be spoofed -> in fact, this still works with win10
Hmm, it's You who have started spamming this thread with unrelated bullshits about how it is safe to use a 22 years old Microshit systems ...
Good night.
you need to plug the problems to get wincrap secured in the first place. When i used windows i installed all updates offline
as for win10 i did say (you break some functions when you rip out the spyware in 10 and 11) that is example. search, winupdates, camera, store etc
no i only worked with custom installs between 1999-2008 back to school 2008-2013 and then again worked network and win systems 2013-2020
i wrote that in my thread you posted in.
where was I writing it was safe to use a 22year old windows computer.. quote that and highlight that statement. Read again please.
Why make things complicated in life, if you can make it easier for yourself... Do it. ;o)
You only have one life, so make the most of it and enjoy it while you can.
You only have one life, so make the most of it and enjoy it while you can.
Re: How much do you trust Debian?
Good to know.
Interesting. I had heard that some exploits may be serious in their outcome (allowing remote code execution) but are difficult to carry out. So now I'm not looking down on Canonical so much lol. Except they have had attacks in the wild....- the thing is, that CVE database is only providing a "hints" - to analyse the threat, You have to understand the code and try to execute the POC example.
The "use after free" CVE's vulnerabilities are extremely hard to use outside of laboratory -> in our world the safety of computers is foremost a business
F.e. the "Dirty pipe" (CVE-2022-0847) has been rated as "critical", but it's a local privilege escalation case - it can't be used without preparing the system for the attack.
Ha, ha!in our world the safety of computers is foremost a business