[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: should debian comment about the recent 'ransomware' malware.

On Tue, 16 May 2017, Lars Wirzenius wrote:
> If we were to do so, it should be something that helps victims, or
> those in danger of becoming victims, of this non-verbal attack. Maybe
> something along the lines of keeping one's systems up to date with
> security updates, and having good, secure backups that an attacker
> can't destroy. But that advice is already being given by numerous
> others so I'm sure it's worth Debian doing it too, if for no other
> reason that very few Windows users pay any attention to Debian.

Actually, we might want to issue an statement to _Debian_ users
reminding them the value and necessity of keeping their Debian systems
up-to-date.  Maybe point to our automated solutions that remind and/or
apply security updates automatically.

Our users should also be reminded of the risk of allowing very old
Debian releases that are no longer supported to connect to a network...

It is probably worth it to also remind users that they must also keep
track of firmware updates on Intel and AMD systems for platform-level
fixes (Intel ME, Ryzen and Kabilake microcode, usual BIOS/UEFI platform
bugs that cause severe issues with the Linux kernel).  Debian cannot do
this for them.

  Henrique Holschuh

Reply to: