If updating frequently is good, why is TENS, the distro recommended to US military staff abroad, 10 months out of date?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
There is no automatic update as far as I can see. You just download the latest version of the distro and burn it to a CD or USB flash drive. But the last version is 10 months old and the one before is 5 months older.
Is it possible they consider immediate updates a bad idea?
I think this is clearly explained on the home page https://www.spi.dod.mil/lipose.htm. It's meant to be a thing client, not a general purpose PC. It's a live CD, nothing is saved to disk, malware can only be active during the session. Access to government web site is secured via smartcard, and nothing else can be done with this beast.
It's a live CD, nothing is saved to disk, malware can only be active during the session. Access to government web site is secured via smartcard, and nothing else can be done with this beast.
Surely it allows visits to other sites and getting exposed to man-in-the-middle attacks even if they only visit google or whatever. Remember, these users are a prime target for threats.
When I was in the USMC. It took them awhile to catch up to be hip. When it came to certain things not deemed important. Usually a gunny determined what was important. Gunnys could be ignorant when it comes to computers. Hence. You being irked.
It was one of many reasons I only served my legal limit.
To me. I don;t think the military is way hip on linux in general. Maybe a few specialists. But nothing in management.
TENS™ differs from traditional operating systems in that it isn't continually patched. TENS™ is designed to run from read-only media and without any persistent storage. Any malware that might infect a computer can only run within that session. A user can improve security by rebooting between sessions, or when about to undertake a sensitive transaction. For example, boot TENS™ immediately before performing any online banking transactions. TENS™ should also be rebooted immediately after visiting any risky websites, or when the user has reason to suspect malware might have been loaded. In any event, rebooting when idle is an effective strategy to ensure a clean computing session.
We would all be doing our banking with live CD's if it were that simple. Must we rule out the possibility that continuous updates are in fact a vulnerability if a mitm attack is possible?
Must we rule out the possibility that continuous updates are in fact a vulnerability if a mitm attack is possible?
You can never 100% rule anything out. It sounds like you want a simple yes/no answer as to whether "TENS" is "more secure" than a "typical" distro. But it's not possible to give such an answer that will cover all possible situations. It's not even possible to answer with 100% certainty for a single person, since none of us knows which attacks we will face in the future.
Last edited by ntubski; 03-17-2020 at 06:50 AM.
Reason: missed word
I do updates frequently on some boxes that get used every day.
The others. sometimes 6 weeks or more before I dist-upgrade.
Those others take longer < more stuff to download and install than the others I do frequent like >.
I know the govt has you locked in to do as ordered.
I used to be sneaky in the military because of this.
Lots or article 42 < office hours >in my military past.
My luckout was the dude determining my punishment was my pilot.
He'd keep me broke. Not lock me up. But in the service.
Not sure how easy to set up a casperw partition in tails, tens, or whatever uncle sam says do.
But then. / is read only I guess. So no use in that.
Hence. Why I go with a distro that permits live usb changes to /. Like AntiX, or even Puppy Linux with it's .sfs file loading choices at boot.
Puppy can be pretty secure for banking on a pen drive because of this.
But all of this comes from the a dude at the end of a desert with no one really around.
Not a soldier in today's modern armed forces.
There is everything wrong with autoupdate, basically you are giving whoever controls the updates full control over your software and data, with autoupdates it is possible to:
Insert backdoors, spyware and malware.
Add unnecessary features.
Remove features.
Target a single user with shit like A/B testing, treating people like guinea pigs.
Make unwanted changes, like the dreaded UI changes.
Locking down content behind paywalls
Whatever else malicious developers want to do with you.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.