Mozilla aims to add silent updating to Firefox 10 and acknowledges "update fatigue"

Discussion in 'other security issues & news' started by MrBrian, Oct 4, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That's really how it should be.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Don't agree :thumbd: I much prefer to decide what i want/need or do Not :p
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Silent update will be optional.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Users generally have no idea what versions imply and they almost never know what they need or even what they want.

    It should be Opt Out if anything.

    Keeping their product up to date is important.
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I agree and disagree with this. Silent updates, yes, but the ability to turn it off, no. I can't for the life of me figure out how Mozilla got so many complaints about update notifications being irritating. Just close the dialog box and update later, geez. Also, I'd much prefer a few less users over letting so many of them continue to use outdated and vulnerable browsers. If a user doesn't like it, they still have the ability to choose..another browser.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yikes. Nooooo.

    I see this so often with people and Adobe Reader... they're often a full version behind and exposed to tons of vulnerabilities. Silent updates would fix this.
     
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hehe, I don't mean don't update. I just found it silly to be so irritated by an update notification. This, as you say, would be one of those times silent updates would be great. I doubt, unless something went wrong, anyone would even know what version they were on.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Most people I know with Chrome have no idea what version they're on. It updates silently and nothing really changes because they don't do ridiculous huge UI changes out of nowhere.

    For something as insecure as Firefox they should be doing everything they can to ensure their patches roll out.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There's a problem with Google Chrome silent updates, though. A relative of relative uses a hosts file to block ads & trackers. The latest two Google Chrome releases weren't downloaded/installed because Google Analytics was (still is) being blocked.

    Google Chrome gave no alerts saying updates failed. My relative only knew the update failed, back then, because I told also to check for updates manually.

    100% silent is never a great idea, IMHO. Because Google is now forcing Google Analytics (at the image of what it does when we want to install extensions from Google Store) to users, if my relative didn't know it was possible to check for updates manually, Google Chrome would be out-of-date who the heck knows for how many releases, until I probably checked things.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I think it would be nice if there were some slight indication of an update. Chrome does have a little green arrow when updates are ready to be installed though.

    And the host file is an uncommon tactic for blocking ads. But yes, my exgf had a problem with Chrome updating and she didn't even realize it until I saw her computer.
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Re: https://www.wilderssecurity.com/showthread.php?t=309289 (http://www.theregister.co.uk/2011/10/06/firefox_silent_updates/) posted by Daveski, which suggests this could come in Firefox 8 instead of 10.

    I'm having a hard time understanding what this has to do with Enterprise, I only see it being good for home use. I have to wonder if Mozilla know Enterprise at all? Silent updating of software is NOT how you please network admins. The first comment says it all:

     
    Last edited: Oct 6, 2011
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Well, it prevents fragmentation, which is definitely an enemy of administration. But it's still no great...
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Admins don't give a hoot about fragmentation otherwise they'd all be on IE8. They want to control exactly when something updates, and firstly test updates, using services like Windows Server Update Services. A software update breaking a required service for that Enterprise can cost you your job.

    If you actually see Chrome in an enterprise situation (rare), updates are disabled and done manually whenever the admins want to (also rare).

    I'm not saying Firefox shouldn't do this, I'm saying it has nothing to do with pleasing Enterprise.
     
  15. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Seems like the entire article is full of inaccuracies.

     
  16. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    A thumbs down for El Reg.
    Seems like a certain BOFH wrote the article. Or his assistant.
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I would certainly doubt that fragmentation isn't a problem.

    If you have a group of users on IE 6 and another on IE 7, another on OSX, another on IE 8, another on Firefox, it makes group policy much more difficult.

    If everyone is on the latest IE it's not ideal because Admins want to control the version either.

    Bother are issues.
     
  18. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    For some reason you seem to think that I'm implying businesses have different versions of browsers within their own business, which I didn't.

    You stated it prevents fragmentation, since it would be quite rare for an enterprise admin to have fragmented versions of applications in their own network, I could only assume you're talking about the world as a whole. No admin cares about this, only their internal network. An image of whichever OS they use will be created and distributed on the network and Active Directory will be used to give the right people access to the specific OS elements. This makes every machine the same.

    I don't understand how you think Firefox auto updating comes into play with this at all. In a network situation you will never have applications contacting a remote site for updates, you will have that update onsite on a server and have the clients check that server for it. AV products will be setup like this, and it's pretty much the functionality WSUS provides.
     
  19. allizomeniz

    allizomeniz Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    903
    If it's optional (as it should be) then I see no problems. If they make "silent" the default then that'll make those with "fatigue" happy and those who don't want silent will be able to change it. As others have said, it needs some kind of indication if updates are successful or not, which I'm sure it'll have, if they have any sense left at all. I hate silent installs. My sister sets everything to install silently in the background then complains because her system is constantly plagued with problems and runs slow.

    "Update fatigue" was never a problem at all before they started the rapid release lunacy. I don't think they thought this whole thing through very well.
     
  20. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    The "update fatigue" was caused by them and wasn't an issue prior to v4. As an IT manager I really don't want any silent updates and they may well lose a few installations if this is forced. :doubt:
     
  21. cozumel

    cozumel Registered Member

    Joined:
    May 23, 2009
    Posts:
    260
    Location:
    London, UK
    I've actually already recently stopped using firefox, partially due to this silent update thing. I just don't like it on principal. Something happening silently could easily be a vulnerability being exploited. Makes me uneasy. Too many updates for Firefox and silent updates is not a good solution imho
     
  22. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    For the casual user, maybe. It's also a potential problem. Updates have a way of breaking things (especially extensions) and changing user specified settings back to their defaults. More than a few of the service calls I've made were caused by automatic updates.

    On my own systems, I won't allow auto-updating. My system is equipped and configured the way I want it. I want it to be exactly the same every time I use it. The default-deny policy and the apps that enforce it are configured to prevent changes, both vendor approved and malicious. Updating is an administrative task here, where every file and registry change is logged.

    IMO, Mozilla is going way too fast with this updating. They're not allowing time for proper testing on real users PCs. As long as I can disable auto-updating in SeaMonkey, I'll keep using it. If the day comes that I can't disable or block it, I'll either switch to something else or stay with the last version that kept it optional. Mozilla got to where they are by listening to users and giving them what they want. They need to get back to that and stop trying to be like their competitors by competing on their turf.
     
Loading...
Thread Status:
Not open for further replies.