

An immutable operating system is one in which some, or all, of the operating system file systems are read-only and cannot be changed. Immutable operating systems have a lot of advantages. They are inherently more secure, because many attacks and exploits depend on writing or changing files. Also, even if an exploit is found, bad actors cannot change the operating system on disk (which in itself will thwart attacks that depend on writing to the filesystem), so a reboot will clear any memory-resident malware and recover back to a non-exploited state.

Immutable systems are also easier to manage and update: the operating system images are not patched or updated but replaced atomically (in one operation that is guaranteed to fully complete or fully fail - no partial upgrades!). Immutable systems can also claim to be more stable than traditional operating systems, simply by virtue of eliminating many of the vectors that introduce instability into a system - most of which are human. No sysadmins can “just change this one setting to fix things” - with unforeseen impacts that aren’t found until hours later.
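The read-only property described above can be checked from a host's mount table. The following Python audit is an added example, not part of the original page; the list of OS paths and the sample mount table are constructed assumptions, and it reports mount-level state only.

```python
import os

# Assumption: paths treated as "the operating system" for this audit.
OS_PATHS = ["/", "/usr", "/etc", "/boot", "/var"]

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda3 / ext4 ro,relatime 0 0
/dev/sda4 /var ext4 rw,relatime 0 0
/dev/sda1 /boot vfat ro,nosuid 0 0
overlay /etc overlay rw,lowerdir=/usr/etc 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def parse_mounts(text):
    """Return {mountpoint: is_read_only}; a later line shadows an earlier one."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            table[_unescape(parts[1])] = "ro" in parts[3].split(",")
    return table

def governing_mount(path, table):
    """Longest mountpoint that is a whole-component prefix of path."""
    path = os.path.normpath(path)
    hits = [mp for mp in table
            if mp == "/" or path == mp or path.startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def audit(text, paths=OS_PATHS):
    """Map each OS path to (governing mountpoint, read_only flag)."""
    table = parse_mounts(text)
    report = {}
    for p in paths:
        mp = governing_mount(p, table)
        report[p] = (mp, table[mp]) if mp is not None else (None, False)
    return report

def writable_os_paths(text, paths=OS_PATHS):
    return sorted(p for p, (_, ro) in audit(text, paths).items() if not ro)

if __name__ == "__main__":
    print(writable_os_paths(SAMPLE_MOUNTS))
```

On a live Linux host, pass the contents of `/proc/mounts` to `writable_os_paths` in place of the sample.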
