Linux has had all this FOR MANY YEARS - and even more than that... 29 May 2009 19:29
Surprise: most Linux distros, let's say Ubuntu or Mandriva or
whatever, contain so-called "package managers". A package manager is
a piece of software which allows you to install applications with
automatic installation of required dependencies (and uninstall with
auto-removal of unneeded dependencies). And this also comes with
auto-update of all installed software.
Actually, it's a much better system than what exists in Windows with
its stupid MSI Installer.
Good example:
Let's say there is some program. It uses the zlib data compression
library. There are many programs using it, so it's great as an example.
1) Software installation:
Windows: there is no method to tell the system that a certain app
needs the "zlib" library. So, we have no choice but to bring our own
copy of zlib.dll with our program. The same goes for each and every
program and shared library. So, if you have 20 programs using zlib,
you may have 20 copies of zlib.dll or so. Some programs may also link
the zlib library statically into their code, as there is little use
in its DLL nature anyway since it is usually not shared with other
programs.
Linux: Usually programs are installed from packages. A package is
somewhat similar to MSI package files. But the major advantage here
is that in Linux the package tells the package manager that it needs
the "zlib" package as well. So, the package manager downloads both
the desired program and the "zlib" library package from so-called
"repositories", checks their signatures to make sure they're from the
system maintainers and not from bad guys, extracts and installs them.
For the user this requires as much as selecting the program in a list
and clicking the "install" button once. If another program ever needs
"zlib", its package just indicates the same. The package manager will
figure out if zlib is already installed and will not install it a
second time. So, if 20 programs use zlib, there is still only one
library installed in a standard place.
As a side benefit of such install techniques, in Linux it is quite
hard to occasionally install malware represented as some good program
(system maintainers are not willing to host malware in the repository
and a manual install requires several slightly trickier actions, so
malware does not get distributed as well as it does with Windows).
2) Now, the funniest part. Let's say someone found a major security
issue in zlib (as has happened once). So, we're under attack!
Windows: there is no way to update zlib.dll in all programs to
correct this flaw in a single shot. So if you have 20 programs using
"zlib" installed, you have to visit 20 web sites and download 20
updated programs. You can only hope that all 20 authors were
responsible enough to update the zlib copy in their program, but
this is at least not guaranteed since casual developers often neglect
security in favor of other goals. You can only hope you downloaded
the updated program rather than some malware. And after all that,
you have to walk through 20 setup wizards, performing 20 updates
manually. Doesn't sound cool, yeah? That's exactly why it is still
possible to strike Windows users with an ancient zlib bug found years
ago even today.
Linux: system maintainers usually understand security issues very
well. So, once a security issue arises and the library author(s) have
corrected it, they quickly build a new version of the "zlib" library
and package it as the same package with a newer version number. If
the library author fails to do so, in an emergency scenario
maintainers may even act on their own to patch the issue. Once the
issue is patched and the package tested, it's put into the online
repository. Btw, in urgent cases the response could be as quick as 24
hours, unlike MS's "once per month" updates! So, package managers on
users' systems will soon figure out that there is a newer version of
the "zlib" package available (they periodically check for available
software versions and compare them with the installed ones) and offer
the user to update the "zlib" library to the newer version. User
action is as simple as confirming the update of one package. Then the
system-wide zlib library is updated. All programs using zlib are not
vulnerable again. Voila! It is THIS simple! Only a single download of
a small package via the standard package manager. No walking through
20 sucking setup wizards or whatever. That's why it is harder to hit
Linux users with exploits and whatever - they're usually up to date.
Not just the system, all installed software as well. If a PDF viewer
is found to be vulnerable, it can be updated as well. As well as the
browser, mail program and whatever. This also gives much better
control over what is installed and where. You can remove virtually
anything you want in a civil manner - through the package manager
rather than resorting to lame file deletion.
3) Uninstall
In Windows, if some program installed zlib as a separate entry in
Add\Remove, you usually have to remove it manually afterwards. The
same goes for everything. There is no way to figure out whether some
installed stuff is needed anymore or not.
In Linux, the package manager keeps track of what the user installed
and what was installed as a dependency to make programs happy. Once
the user uninstalls something and the package manager figures out
that a dependent component is no longer needed by anyone else and was
not installed by the user for the user's own purposes, the package
manager may offer to automatically remove the unneeded stuff.
So, you can see, in some features Linux is YEARS AHEAD of Windows...
and that's only the beginning :P. That's why M$ is getting really
nervous about Linux. While they stagnated and developed nothing but
useless DRM and restrictions, Linux is going further and further.
Someone, please, show M$ package managers! And then show them KDE to
give them ideas of what can be improved in their crappy desktop
environment :)
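
The bookkeeping this post describes (one shared zlib, a single update that covers every dependent program, auto-removal of dependencies nobody needs), as an added example that is not part of the original post and not code from any real package manager. Package names other than zlib and all version strings are constructed, and signature checking is left out.

```python
from dataclasses import dataclass, field

# Constructed sample repository: name -> (version, [dependencies]).
SAMPLE_REPO = {"zlib": ("1.0-1", []),
               "imageviewer": ("1.0", ["zlib"]),
               "archiver": ("2.3", ["zlib"])}

@dataclass
class PackageDB:
    """Toy package database (hypothetical, for illustration only)."""
    repo: dict
    installed: dict = field(default_factory=dict)  # name -> version
    manual: set = field(default_factory=set)       # explicitly requested

    def install(self, name, manual=True):
        """Install name plus any missing dependencies; return new packages."""
        added = []
        for dep in self.repo[name][1]:
            added += self.install(dep, manual=False)
        if name not in self.installed:
            self.installed[name] = self.repo[name][0]
            added.append(name)
        if manual:
            self.manual.add(name)
        return added

    def dependents(self, lib):
        """Installed packages that declare a dependency on lib."""
        return sorted(p for p in self.installed if lib in self.repo[p][1])

    def upgrade(self, name, new_version):
        """Replace the single shared copy; return every program it fixes."""
        self.repo[name] = (new_version, self.repo[name][1])
        self.installed[name] = new_version
        return self.dependents(name)

    def remove(self, name):
        """Remove name, then auto-remove dependencies no one needs."""
        del self.installed[name]
        self.manual.discard(name)
        removed, changed = [name], True
        while changed:
            changed = False
            for pkg in sorted(self.installed):
                if pkg not in self.manual and not self.dependents(pkg):
                    del self.installed[pkg]
                    removed.append(pkg)
                    changed = True
        return removed
```

Installing `imageviewer` and then `archiver` pulls zlib in only once, and zlib is auto-removed only after the last program that needs it is gone.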