Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.
3 comments on “The Ubuntu software update dialog that leaves you guessing”
Not me… If I do not know what it is, it don't get installed.
This is also one of my biggest gripes with MSoft
I've never seen Windows Update fail to show what patches will be downloaded.
I certainly agree that the description should be better. The summary from the bulletin or KB article should be used rather than the generic 'A security issue has been identified in a Microsoft software product that could affect your system' for security updates, or 'Install this update to resolve issues in Windows' for other updates. You can click the 'More Information' link to get to the security bulletin or KB article, but that means a lot of back-and-forth between the browser and the Windows Update applet in order to make decisions on which updates to install.
Even where the update's description says what it is without you having to look at the KB article – for example KB2592687, "The Remote Desktop Protocol 8.0 update enables you to use the new Remote Desktop Services features" – the title of the update is still the useless generic 'Update for Windows 7'.
(Not sure as I don't like debian based – especially ubuntu – distros but it might be there was info if you clicked the plus sign as would indicate).
But that aside the thing with Linux distributions is they typically update from repositories (which are kept sane generally speaking although there can be problems with third party repositories and conflicts between packages but that is typically the risk of third party repos, isn't it?) and they also typically by default verify the packages by checksum (that is to say the repository holds this information and if there is a mismatch it is a possible – not a guarantee; package maintainer might have forgotten to sign it [I've seen that before] – problem). I would say that it's more like a bug with the package updater if anything (or an empty transaction which can also happen some times – software is written by humans = error prone). Most importantly any experienced user will be able to determine if there is an actual problem or not and know how to fix it (if it is a problem). As for me, I wouldn't update that but only because I do most stuff at the command prompt and I couldn't care less about GUI updaters. A simple cron job and the 'mail' client is all I need.
And otherwise: "Wow, nothing takes up 1.7MB. That’s some bloat!"
That is hilarious and made my night (word play is so much fun).