But, as we learned, there *are* Linux viruses "out there" and some
have been lingering for years and still affecting people.

The various Linux security updates do not address viruses, worms,
trojans or other nasties for the most part. What they do address are
programming blunders that permit permission elevation (e.g., a user-
level process now with the power of root) and back-doors (e.g., a
firewall bug that lets the bad guys tunnel in and steal your stuff)
and other such errors especially with browsers running Java or other
stuff.

> Two of the advantages of Linux, I thought, was being almost virus
> proof and not the need for frequent updates. A question for those in
> the know, how often do other distrobutions update?

Most of the big distros update frequently. It seems every time I
power-up my Fedora 8 or 9 boxes (about every 2 days) I'll get 16
security updates, 20-30 bug fixes, and 30 or so enhancements.

My SLED10-SP1 (Suse Linux Enterprise Desktop) rarely needs or receives
any updates; same for Solaris and FreeBSD.

With PCLinuxOS, it's a crap shoot -- there's no automatic notification
of any updates and it's the most horrible process in the world to find
out what's new. Since I've already snagged 3D_Mahjongg of it and put
that on my Ubuntu box, PCLOS is the next distro to be zapped and
forgotten forever when I need another test system for another distro.

On the lighter side of the 'linux virus' issue here is a link to an old
joke, Click Here <http://www.gnu.org/fun/jokes/evilmalware.html> I
think it helps to get the point across.

You just have to be aware that while the Ubuntu/linux OS is relatively
secure, software like your web browser could still leave you open to
attack like if you give websites permission to download cookies and
such. On the otherside you might do your online banking over an unsecure
wireless network. But using an old army metaphor, if you make it very
hard for others to get in, it is also very hard to get out!

Like others have said, the updates are mainly to fix issues, bugs and
overlooked access rights. The great thing about Ubuntu is that the time
between someone finding an issue and it getting fixed is usually very
quick. Have a look at launchpad just to see the amount of work those
guys put in.

I'll agree there. I had trouble upgrading to Intrepid Ibex - a game I
had installed was reporting problems during the upgrade. I sent a bug
report - and within 24 hours a fix was up and running. Truly amazing
support - especially when you think that we don't give these guys a
penny! I had trouble with Windows previously, and despite paying good
money for the system - could i get support when things went wrong?
Wasn't easy and took forever...

Yes, the service is truly amazing. Many developers do not get a penny, but some
do. There is a good mix of paid developers working for Canonical and people who
do it for free in their spare time. I mention this because it is an often quoted
reason for businesses not choosing Linux. Some people want a company name behind
it and are somehow comforted by the fact that professionals are at work.

Most insiders could not care at all. They just care that it works and are
grateful for support whether paid of unpaid. Increasingly more developers are
being paid which is good for the industry in general and for Linux in
particular. This does not make it better, but employs people in something that
they love and it adds weight that Linux is a serious player.

Yes, you need to be security conscious. It isn't just about viruses, but
identity theft, etc. I am no security expert, so I will let someone better
versed than I to answer the hows and whys of hardening your system.

However, updates are a necessary part of any operating system. It reflects the
changes that happen as it is constantly being tweaked and perfected. There are
kernel developers who are constantly improving hardware detection making sure
that people who buy new equipment can install Linux. There are security
developers who examine threats as new ones constantly emerge and find ways to
guard users. This is referred to as hardening the system. There are new things
everyday as new features are added to the desktops, new video and wireless
drivers as more OEMs support Linux, and new projects that keep a different
schedule from your Linux developers. Just recently a new OpenOffice came out for
example with exciting new features. The package managers want to make this
available to you so they updated OO in the repositories. A new version of the
GIMP is out and it is available for download. The old one works fine, but the
new one has new features that some people
have been demanding. So it must be updated if you want to have these features.
The only way to avoid updates is to make a conscious decision that you are happy
and want to be stuck in time. If you crave stability then this is in effect what
you are doing. It is a tradeoff that you must make. People on the other extreme
who want to be on the bleeding edge tradeoff stability for having the newest,
latest and greatest features. Most users find some place between these two
extremes. They can control what level they want and this is something that Linux
does promise. It is infinitely flexible, configurable and offers real choice.

Your response reflectsthe philosophy of different distros. Fedora has the
burning desire to be bleeding edge so it has many updates and it has the backing
of a major developer, RedHat, so it can be as aggressive and ambitious as it
likes. On the other end, PCLOS is a small distro, the brainchild of one
developer, and it moves more slowly.
Other distros have their own philosophies and move at a differeant pace. Debian
uses rolling releases which means constant development and no need to upgrade to
a new version as it is a gradual process. You hardly notice the change when all
of a sudden you are in a new version.
Ubuntu follows a cycle with new releases every six months. This is ambitious and
some people criticize them for being too ambitious, but nobody is forced to
upgrade. It is simply a matter of choice. Meaning that you can be bleeding edge
or not as you choose. Ubuntu's weakness is in my opinion is the desire to be all
things to all people and this is reflected in their motto and philosophy, but
you can't please everybody and in trying you sometimes lose users and risk
becoming bland. However, so far, they have made an admirable effort which is why
it has been the most successful distro so far.

You would have a point except that a virus or trojan constitutes only one threat
vector.

These aren't Windows machines true but what about DoS and security exploits that
aren't geared to forming a windows bot net?