Update your computer!

TLDR

  • Security updates are very important
  • Stats tell us they’re not being applied by all users
  • Apply updates right now!
  • Don’t run an EOL version of Linux Mint

Security updates

Updating is important

Security updates patch vulnerabilities in your computer. They protect you from local attacks (people with physical access to your computer and people who have an account on it) but also remote ones (attackers targeting your computer through your Internet connection).

Other than directed attacks security updates also protect you from malicious software. When you ask your computer to execute external content (software you downloaded, email attachments, a link you click or even just a webpage you visit in your Web browser) you also take the risk to open a door into your computer and invite attackers in.

When a vulnerability is found developers fix it as soon as possible and distributions ship it as an update so you can apply it in a timely fashion. These vulnerabilities then become public and known by potential attackers. This means an outdated system isn’t just vulnerable, it is known to be vulnerable.

Let’s have a look at the list of known vulnerabilities in Firefox:

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox

If you’re not running the latest version, check which version of Firefox you’re using and count the number of critical (red) patches you’re missing.

Updating is easy

Linux Mint comes with one of the best update managers available. It’s very easy to use, it’s configurable and it shows a lot of information.

It handles security updates for all your software. All you need to do is use it.

Updating is safe

Linux Mint ships with Timeshift to provide integrated system snapshots. With a click of a button you can revert your computer to your previous snapshot and negate the effect of any potential regression.

Thanks to Timeshift you can configure your computer to perform automated snapshots and thus safely configure your Update Manager also to perform automated updates.

After it was introduced in Linux Mint 18.3, Timeshift was backported to previous Linux Mint releases. It’s available in all modern versions of Linux Mint, including EOL ones.

Statistics

Statistics are not precise but they do tell us something

Before I give statistics, take the numbers in this blog post with a pinch of salt.

We can’t measure anything with precision because there’s nothing in your computer which sends data to us and we don’t configure Linux Mint in a way that even allows us to count how many users we have. In other words, there is nothing in Linux Mint that is common to all users and that we could rely on to establish statistics.

That being said, we do have a few metrics we can measure. They give us stats which only tell one particular aspect of the story and they are unreliable and imprecise but do tell us something nonetheless.

About 30% of users apply updates in less than a week

After we updated Firefox 85.0 we asked Yahoo to give us a breakdown of the Linux Mint traffic per user agent. These stats only covered users which use Yahoo of course but they did show us how fast the update was applied.

We were able to observe the fact that only 30% of users updated their web browser in less than a week.

These statistics also show us users of recent Linux Mint releases which do not apply updates at all. For instance, a part of that traffic uses Firefox 77 (the version which shipped with Linux Mint 20).

Between 5% and 30% of users run Linux Mint 17.x

These stats come from two distinct sources, both highly unreliable.. as you can see there’s quite a gap between 5 and 30, but they both tell us the same story.

0% of users should run Linux Mint 17.x! Anything above is not good, whether it’s 5% or 30%.

Linux Mint 17.x reached EOL (End-Of-Life) in April 2019. In other words it stopped receiving security updates for almost 2 years now!

The 5% figure comes from your default browser start page. The longer you use Linux Mint after you installed it the more likely you are to have changed your first page, so we can reasonably assume the number is lower than reality.

The 30% figure comes from our APT repositories. It’s the traffic percentage we get from Linux Mint 17.x. It’s unreliable because APT got better at performing less HTTP requests for the same queries and we lowered the default cache update frequency in modern releases. It’s unreliable also because we’ve started and became better release after release at recommending the use of local mirrors, so there is naturally a higher proportion of users not using mirrors in older releases. We can reasonably assume the number is higher than reality.

Again, it really doesn’t matter to us if the real number is 10% or 15%. It needs to be 0%. We have mechanisms in place to tell users when a new release becomes available now, but we didn’t have them at the time of Linux Mint 17.x.

Apply updates right now!

Check your version of Linux Mint

Open a terminal and type:

lsb_release -r

Install timeshift

If your version of Linux Mint is 18.3 or higher, Timeshift is already installed. Otherwise, type the following commands in your terminal to install it:

apt update
apt install timeshift

Create a system snapshot

Run Timeshift and configure it it it’s the first time you run it (select the default options if you’re not sure).

Press the “Create” button to perform a system snapshot.

If anything goes wrong you’ll be able to come back thanks to this snapshot.

Apply all updates

Run the Update Manager.

Press the “Refresh” button to find available updates.

If a new version of the Update Manager itself is available, you will need to apply it first.

Press “Install Updates” to update your computer.

Automate snapshots and updates

Updates are indicated by a shield icon in your system tray. Unlike other operating systems which rely on frustration and which annoy you at the worst possible time until you perform updates, Linux Mint gives you a visual indication that updates are available but it’s up to you to decide when to apply them.

This setup is empowering and comfortable but it does rely on you to eventually apply the updates. We’ll need to consider a frustration mechanism if the system is neglected for months but we’ll touch on that in the next blog post.

If you don’t apply updates regularly then you should consider automating the process.

In the Timeshift configuration screen you can automate system snapshots.

Likewise, in the Update Manager configuration screen you can automate the updates.

Do this and you no longer need to worry about it.

Firefox ESR in Linux Mint 17.x

If you are still using Linux Mint 17.x you need to backup your data and reinstall a modern version ASAP.

Because Linux Mint 17.x has reached EOL and hasn’t received any updates for almost 2 years, we decided to send an emergency update to upgrade your Firefox web browser from version 66.0 to version 78 ESR.

Because it’s ESR, this update will create a new Firefox profile for you. If you want to get back to your previous profile, close Firefox, open a terminal and type:

firefox -ProfileManager

Select the “default” profile.

Do upgrade Firefox right now as it is a very important part of your system, but please be aware that it is not enough. You will need to reinstall Linux Mint as soon as possible. You cannot run something that has unpatched known vulnerabilities for years, it’s too risky. Think of all these banks and establishments which got hit because they were still running Windows XP. We don’t want this to be you. After 5 years of support, Linux Mint 17.x is simply not supported anymore. You need to move away from it.

The latest version of Linux Mint is 20.1. It is supported until April 2025.

Thank you

If you know users of Linux Mint which do not read the blog, please spread the word for us, especially if their system is not up to date or if they run an old release. We’ve no other way of reaching them than via communication here or software updates.

Thank you all for your attention and consideration.

Posted by Linux Admin