Automatic Updates on Linux Servers
Outdated software is a security nightmare and there are good reasons to keep it up to date. That’s kind of a general rule which I tend to apply everywhere. Lately, I was involved in a discussion about the risks and benefits of automatic security updates applied to servers running hot Bitcoin wallets.
It turned out that a lot of people in the Bitcoin industry are strongly against automatic security updates. Their main concern is the possibility of supply chain attacks. By running certain software you put a lot of trust in its developers, and you should never run software made by people you don’t trust. The naive assumption would be: I already trust the developers, so I should enable automatic updates. If those developers feel that the update is necessary, it probably is.
I used to think like this, but this approach has some flaws. When I install and run a certain program, I can’t avoid trusting the developers as well as the distribution channel and everything in between. Why shouldn’t I trust the updates then? Well, developers can get hacked, and so can the distribution channels. Every update can be compromised; it’s not a risk-free action after all. On the other hand, not having the latest security updates is also risky, although it really depends on how you use the unpatched software.
That said, how can we balance those risks and benefits? It’s more of an art than a science, I guess. Let’s say a hacker manages to get access to a hundred Bitcoin wallets via a supply chain attack. He’d be very happy indeed, and he’d likely try to transfer all the money to his own wallet, triggering a lot of drama in the community. This kind of attack can only harm people who updated from the poisoned source. That’s why it might be wise not to update your software too often, especially if it runs something critical such as a hot Bitcoin wallet. It’s a kind of compromise: you don’t want to miss out on years of security updates, but having a healthy lag of a few weeks can actually be beneficial. Of course, some updates might be critical, but you’ll likely hear about them from many sources and be able to perform a manual out-of-schedule intervention.
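As an added illustration (not part of the original post), here is a small gate implementing the "healthy lag" policy: a candidate update is applied only once its newest Debian changelog entry is at least a few weeks old, unless the operator has put the package on a critical list for an out-of-schedule update. The lag of 21 days, the package names and the changelog text are all constructed assumptions.

```python
# Added example: a delayed-update gate for apt-based hosts. It reads the date of the
# newest entry in a package's changelog (the format printed by `apt-get changelog`)
# and defers updates younger than LAG_DAYS, except for operator-listed critical packages.
import re
from datetime import datetime, timedelta, timezone

LAG_DAYS = 21  # assumed "few weeks"; tune per host

# Trailer line that closes each Debian changelog entry:
# " -- Name <email>  Mon, 03 Feb 2025 09:00:00 +0000"
TRAILER = re.compile(
    r"^ -- .+?  (?P<date>\w{3}, \d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2} [+-]\d{4})$",
    re.MULTILINE,
)

def newest_entry_date(changelog: str) -> datetime:
    """Date of the most recent entry, i.e. the first trailer in the changelog."""
    match = TRAILER.search(changelog)
    if match is None:
        raise ValueError("no changelog trailer found")
    return datetime.strptime(match.group("date"), "%a, %d %b %Y %H:%M:%S %z")

def decide(pkg: str, changelog: str, now: datetime,
           lag_days: int = LAG_DAYS, critical=()) -> str:
    """Return 'apply' or 'defer' for one candidate update."""
    if pkg in critical:  # operator decided this one cannot wait for the lag
        return "apply"
    age = now - newest_entry_date(changelog)
    return "apply" if age >= timedelta(days=lag_days) else "defer"

# Constructed sample changelogs and a constructed "today" (not real packages or dates).
OLD_LOG = """examplepkg (1.2.3-2) stable; urgency=medium

  * Fix crash on malformed config.

 -- Example Maintainer <maint@example.invalid>  Mon, 03 Feb 2025 09:00:00 +0000
"""
FRESH_LOG = """otherpkg (4.0-1) stable; urgency=high

  * Security fix.

 -- Example Maintainer <maint@example.invalid>  Fri, 28 Feb 2025 18:30:00 +0000
"""
NOW = datetime(2025, 3, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("examplepkg:", decide("examplepkg", OLD_LOG, NOW))  # 30 days old -> apply
    print("otherpkg:", decide("otherpkg", FRESH_LOG, NOW))    # 5 days old -> defer
    print("otherpkg (critical):", decide("otherpkg", FRESH_LOG, NOW, critical={"otherpkg"}))
```

In practice the changelog text would come from `apt-get changelog <pkg>` for each package listed by `apt list --upgradable`, and the critical list is the manual out-of-schedule lever the post describes.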