Mozilla will start Firefox silent updates in June

Discussion in 'other software & services' started by ronjor, Mar 15, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  2. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,824
    Thanks for the heads up Ron.
     
  3. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,073
    I wonder how this would work if you are always running firefox in a LUA on XP?
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,907
    Location:
    U.S.A.
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    This is it for me on FF.

    They have built their rep on no script and being more secure as a browser. Google is gone over the the tracking dark side.

    I'm removing FF from my PC's and I have google ips blocked in completely.

    On the market I'd sell their shares short.
     
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I'm not sure if this is a good thing or a bad thing for Fx. It's a bit drastic to uninstall Fx though. I always found that when Fx goes a bit dodgy, there's always SeaMonkey.
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    just use a portable version.

    no updates.
     
  8. allizomeniz

    allizomeniz Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    900
    It's things like this that make me really glad I'm still using 3.6. Mozilla promote regular updates as a means of staying secure but wadda ya do when they've become the parasite? Trusting Mozilla is all fine and dandy until someone comes along pretending to be Mozilla.

    I'm a big advocate of user's having control over their own updates. Sure, there are a lot of users who either don't know how or don't want to learn how to manage their own systems, and these are the people Mozilla are trying to attract. It does make life easier, but it's a recipe for disaster just waiting to happen.
     
  9. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    AFAIK, you can turn of silent updates. :shifty:
     
  10. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    It's easy to disable, see attachment.
     

    Attached Files:

  11. allizomeniz

    allizomeniz Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    900
    That's good you at least have an option. It would have been better if they'd disabled it by default and given people the option to enable it, and given a warning that enabling has the potential to be less secure. But I think the audience they're shooting for are looking for convenience so the way they've done it will probably work better for them.
     
  12. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    I disagree that it should be better by default.
    -As you say, a lot of their audience doesn't have layered security. That's their target with automatic updates, not users like us.
    I disagree that enabling it has potential to be less secure.
    -How can automatic updates be less secure? Patching exploits, vulnerabilities are far better than an old version of a browser. It's the same logic with Windows Updates, the recommended for the general users are to install it automatically. Again, the general users aren't using layered security, no Sandboxie, no HIPS, etc.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  14. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    As quoted above, Mozilla developed it in years so I think (just my opinion :D) it will be secure :D.
     
  15. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    But there are conditionals in there.. that the newer version really is "more secure" than the older version in some way and the newer version doesn't bring with it any new and/or changed behaviors that "reduce security" in some way. If there were strict guidelines designed to assure that silent updating would be done only to fix bugs/vulnerabilities and feature additions/changes would never be rolled out in silent updates, I would think this less of a concern. Is that what they are planning to do?
     
  16. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    But isn't a patch for an already discovered exploit much better than an unknown exploit that, as you say, "could" be presented in the newer version. Again, this feature are for those majority who are lazy to update their software. (I know a lot, but they all migrated to Chrome which also has automatic updates, good for them :D).
     
  17. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,118
    i have never seen
    can i disable now? i have firefox 11.0

    and 12 is out
    thanks
    cheers
     
  18. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    You can disable it when you are installing Firefox 12.
     
  19. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,118
    thanks
    can i do it even during the automatic udpdate ?
     
  20. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    much needed feature in my eyes. right now its a complete pain to update firefox on locked down windows 7 systems, the update service should solve that
     
  21. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    You want to do it exactly when an update is in progress?
     
  22. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    That would depend on the relative severity and how much damage was done via each when all was said and done. That's not really what I was talking about though. As made clearer by my next sentence it is silently delivered NON-patch-related changes that concern me the most. Certain things like adding unique identifiers, adding a metrix ping which is on by default, and the consideration of supporting Google's full URL safe browsing API are just three features I recently read are on the table and those certainly aren't purely good things. Who knows how many other controversial features are on the table and what Mozilla might want to silently push out down the road and in enabled by default form (with or without patches to known vulnerabilities).

    How much should we care about those who are too lazy or otherwise challenged to keep their software up to date? Should we encourage or fail to discourage a deviation from good software design principles (alert the user to important changes, get their explicit consent when it comes to controversial things, etc) and sound computer administration (check things before acceptance) to accommodate them? That I think is a deeper question than it initially seems and it requires thinking through multiple long complex future scenarios. Perhaps there is something to be said for "technological natural selection"? Perhaps this is a slippery slope and Mozilla's step will help embolden industry (which absolutely wants to control what we use and what we can/cannot do with it) to move towards a silent update model and take us another step closer to a dystopian future?
     
  23. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Can't argue with that, it's just a matter of trust to Mozilla.
    Well I really don't care about them, but devs do. :D
    Again, its just a matter of trust. IMO, the only reasons of this automatic update is security issues. Just that :D. If Mozilla really wants control, they will not give an option to disable it during install. If the user just click their way through installation, for me, they really that automatic update. (Clicking their way through the installation is a sign of laziness ;).)
     
  24. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,118
    i mean how should i update firefox to v12?
    should i download from mozilla or via firefox to avoid the service?
    thanks
    cheers
     
  25. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    I'm on Pale Moon x64 now, so I don't have that problem :D. But if I were still using Firefox, I'll do a clean install while preserving my profile. That's just me though.
     
Loading...
Thread Status:
Not open for further replies.