Mozilla plans to silently update Firefox

Joins Google, Adobe in auto-update movement to take patching out of users' hands

Taking a page from rival Google's playbook, Mozilla plans to introduce silent, behind-the-scenes security updating to Firefox 4.

The feature, which has gotten little attention from Mozilla, is currently "on track" to make it into the final of Firefox 4, the major upgrade slated to ship before the end of the year. Mozilla has released two beta previews of Firefox 4 in the last four weeks, and has set a third beta for next week.

Firefox 4's silent update will only be offered on Windows, Mozilla has said.

Most updates, including all security updates, will be downloaded and installed automatically without asking the user or requiring a confirmation, said Alex Faaborg, a principal designer on Firefox.

"We'll only be using the major update dialog box for changes like [version] 4 to 4.5 or 5," Faaborg said in a late July message on the "mozilla.dev.apps.firefox" forum. "Unfortunately users will still see the updating progress bar on load, but this is an implementation issue as opposed to a [user interface] one; ideally the update could be applied in the background."

Unlike Google, Mozilla will let users change the default silent service to the more traditional mode, where the browser asks permission before downloading and installing any update.

Chrome is the poster boy for automatic updates. Google's browser kicked off in September 2008 with a then-controversial mechanism that removed the user from the update equation. Chrome continues to rely on an automated service that updates the browser in the background, and can't be switched off.

Taking updates out of the hands of users keeps them safer, Google has claimed. A May 2009 paper co-authored by a Google engineer argued that, "Any software vendor [should] seriously consider deploying silent updates, as this benefits both the vendor and the user, especially for widely used attack-exposed applications like Web browsers and browser plug-ins."

According to "Why Silent Updates Boost Security" ( download PDF ), 97% of Chrome users were running the latest version of the browser within 21 days of the last update's release. By comparison, 85% of Firefox users were up-to-date in the same span, while only 53% Safari users could say the same.

Faaborg and Robert Strong, the Mozilla engineer who has been writing the behind-the-scenes updater, defended the move toward a Chrome-like service.

"I think the majority of users would prefer an application that doesn't bother them with what they view as little details, where a little detail is a minor update," said Faaborg. "We get a lot of complaints that Firefox updates too often, people can't see the difference with the new version (it was actually a security patch), that we change our mind too much and should just ship one version (it was actually a security patch), etc."

"There are people that don't like being notified of updates," Strong said on the same Mozilla discussion group . "There is 'no one size fits all' behavior for this that will please everyone."

Strong also took exception to the use of the term "forced" to describe how Firefox would keep users up-to-date. "As for 'forced' update ..., Chrome accomplishes this in part by forcing the install of Chrome into the user's profile which has a set of issues associated with it that we don't want to have, so we aren't taking that route," he said.

Mozilla isn't the only major developer toying with changing how its users receive patches: Adobe has added a silent updater to Reader and Acrobat, for instance. At the moment, users must manually switch on the new tool, and Adobe has said it has no plans to enable fully-automated updates without some kind of user permission.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitybrowsersGooglesoftwareapplicationsmozillaMalware and Vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?