Re: should debian comment about the recent 'ransomware' malware.
On Tue, 16 May 2017, Lars Wirzenius wrote:
> If we were to do so, it should be something that helps victims, or
> those in danger of becoming victims, of this non-verbal attack. Maybe
> something along the lines of keeping one's systems up to date with
> security updates, and having good, secure backups that an attacker
> can't destroy. But that advice is already being given by numerous
> others so I'm sure it's worth Debian doing it too, if for no other
> reason that very few Windows users pay any attention to Debian.
Actually, we might want to issue an statement to _Debian_ users
reminding them the value and necessity of keeping their Debian systems
up-to-date. Maybe point to our automated solutions that remind and/or
apply security updates automatically.
Our users should also be reminded of the risk of allowing very old
Debian releases that are no longer supported to connect to a network...
It is probably worth it to also remind users that they must also keep
track of firmware updates on Intel and AMD systems for platform-level
fixes (Intel ME, Ryzen and Kabilake microcode, usual BIOS/UEFI platform
bugs that cause severe issues with the Linux kernel). Debian cannot do
this for them.
--
Henrique Holschuh
Reply to: