image caption: A Microsoft Windows screen showing “Active Hours” with start time set to 12 AM and end time set to 12 AM and an error that says “Choose an end time that’s no more than 18 hours from the start time”.
Linux can patch the executables on disk (as can Windows, with more trickery) while the system is running, but this still leaves the running processes in a vulnerable state.
The Linux kernel can be replaced on the fly, but this isn’t enabled on most distros. Even with it enabled, kpatch/livepatch isn’t a universal fix.
Replacing /usr/bin/firefox doesn’t fix anything if you don’t restart Firefox itself. The write lock on a running process isn’t what’s preventing Windows from being patched without a reboot.
I don’t know what Windows needs to do to get to as good a state as Linux, but you rarely need to do a full reboot as you seemingly are forced to do on Windows.
Just because your computer doesn’t tell you it needs to reboot doesn’t mean you don’t need to reboot to apply updates. It doesn’t take long for most processes in htop to show up as yellow, including the ones necessary to keep my desktop session and other system daemons running.
Maybe I’m the crazy one for not logging in/out more and not systemctl restarting everything every day, but I’m doing a lot more restarting on Linux than I ever need to do on Windows.
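The condition discussed in this thread, a process that keeps running code from a binary or library that has since been replaced on disk, can be checked directly from `/proc/<pid>/maps`, where the old file shows up with a ` (deleted)` suffix. The following is an added example, not code from the thread; the sample maps text is constructed and the ignored-prefix list is a heuristic assumed for this example.

```python
import os

# Paths that are routinely unlinked while mapped and are not package files.
# This prefix list is a heuristic chosen for this example.
IGNORED_PREFIXES = ("/memfd:", "/dev/", "/tmp/", "/run/", "/SYSV")
DELETED = " (deleted)"

# Constructed sample in /proc/<pid>/maps format (not real output).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 131 /usr/bin/firefox
7f3a10000000-7f3a101c0000 r-xp 00000000 08:01 2049 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)
7f3a10400000-7f3a10420000 rw-p 00000000 00:00 0
7f3a10800000-7f3a10810000 r-xs 00000000 00:01 77 /memfd:jit (deleted)
7f3a10c00000-7f3a10c10000 rw-s 00000000 00:19 12 /dev/shm/cache (deleted)
7f3a11000000-7f3a11030000 r-xp 00028000 08:01 2050 /usr/lib/x86_64-linux-gnu/libc.so.6 (deleted)
"""


def stale_mappings(maps_text):
    """Return replaced-on-disk files still mapped executable by a process."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode path
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        perms, path = fields[1], fields[5]
        if "x" not in perms or not path.endswith(DELETED):
            continue
        path = path[: -len(DELETED)]
        if not path.startswith(IGNORED_PREFIXES):
            stale.add(path)
    return sorted(stale)


def scan_proc(proc="/proc"):
    """Map (pid, name) -> stale files for every readable process."""
    report = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                stale = stale_mappings(fh.read())
            with open(os.path.join(proc, pid, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited, or not ours to read without root
        if stale:
            report[(int(pid), name)] = stale
    return report


if __name__ == "__main__":
    for (pid, name), files in sorted(scan_proc().items()):
        print(f"{pid:>7} {name:<16} needs restart: {', '.join(files)}")
```

Run as root to see every process; without it, only your own processes are readable and the rest are skipped silently.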