Stealth Firefox updates to cure permissions fatigue
By Stewart Mitchell
Posted on 6 Oct 2011 at 13:44
Mozilla is considering “silent” updates for its Firefox browser in a bid to prevent update fatigue among users.
With a six-week upgrade cycle in its browser, Mozilla said it wanted to take the annoyance out of updating the software by preventing Windows from always asking for permission for new versions.
“The rapid release process has some very positive side effects, like delivering new web technologies faster, and attracting world class developers who like to see their code ship fast," said Brian Bondy, lead developer on the project, in a blog post. "But rapid releases also have some negative side effects."
“One of the negative side effects is that minor annoyances with software updates suddenly become much more noticeable," Bondy said. "Most users don’t want to think about software updates nor version numbers, and now they are being forced to do so every six weeks.”
Bondy said User Account Control (UAC) in Windows, which asks permission for any operation that requires administrative access, caused irritation with such short update cycles.
“UAC in particular makes every process run with limited permissions, and if you want to do something like write into Program Files, then the user has to give permissions to the application to do this,” he said.
“This makes things like automated software updates hard to do without user interaction.”
Instead, Firefox will ask for elevated permission only once and then assume it has ongoing permission to automatically update.
From around the web
April Already?
It's the 1st of April right?
Either that or these people need to start smoking something less potent.
Are they seriously asking people to give Firefox automatic elevated permissions?
I ditched Firefox because of this insane update lark and now reading this I'm very glad I did.
It's almost as if they're trying to destroy Firefox and make themselves look like complete idiots at the same time.
By RedForest on 6 Oct 2011 
Creating bad habits
Seems to me that UAC tries to make users _think_ "Should this update be occurring?" To me, this idea simply takes those people back to "A program's updating - oh, that must be OK, why worry?"
By AdrianB on 6 Oct 2011
Thoroughly Modern
I do like to be kept up to date.
However, nagging doubts appear if it should be required as often as Firefox.
Is it to keep ahead of the competition?
Is it to prevent malicious code impinging Firefox?
Is it due to update for update sake?
Automatical updates feels like just seems to be asking for trouble.
Having said all that other companies are just as guilty... Adobe Flash is now up to version 11.
We are only up to date until the version is published.
By lenmontieth on 6 Oct 2011
Not just Firefox
Mozilla are nagging me every few weeks with Thunderbird too.
Trouble is, both these programs install updates without being sure they aren't screwing up existing add-ons.
By seagull on 6 Oct 2011
Chrome and IE update silently
Mozilla seem to be in a lose lose situation here. All browsers need regular bug fixes, so they have no choice to update one way or another. Luckily features are not an issue for browsers as there haven't been any significant changes since Chrome's unified search and URL bar.
By tirons1 on 7 Oct 2011
Chrome and IE
Chrome is a "user" install, it doesn't install itself in a "normal" place, but under \users\name\appdata, which means it doesn't have to bypass the UAC security to install.
IE will only "silently" update if you have Automatic Updates turned on and those updates comes direct from Microsoft's servers, not a third party.
What Firefox is talking about verges on the criminal, in terms of bypassing the normal system security.
I don't like Chrome's method either, that it isn't installed as an app and it sneaks in the updates without warning.
The plus point is, that you always have the latest security updates, as soon as they are released, but the downside, especially for a corporate, is that you don't get to properly test the update before rolling it out.
I'd be much happier if they worked with MS or one of the other corporate suppliers and integrated it into WSUS or Service Center etc.
By big_D on 8 Oct 2011
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
