Silent auto-patching coming in Firefox 13

Summary:The silent auto-updater means that startup and shutdown of the open-source web browser won't be affected by installation routines. It will also ensure a wider distribution of security fixes.

Mozilla plans to add a silent automatic patching utility into Firefox 13 as part of a plan to "cater to update fatigue."

Firefox currently offers an automatic updater but the process is not silent and requires that the end user click to apply the patch after it's downloaded.

With the silent updater, Firefox security patches will be downloaded and installed silently in the background.

follow Ryan Naraine on twitter
"It means that startup and shutdown of the web browser won’t be affected by installation routines," says Robert Nyman, a technical evangelist at Mozilla.

Additionally, the "What’s New" page displayed after an update can now be displayed depending if there is important information needed to be displayed to the end user, Nyman added.

Computerword's Gregg Keizer reports that Firefox 13 is due in June 2012.  Mozilla currently ships Firefox updates on a six-week cycle.

Google has fitted a silent auto-updater into the Chrome browser and there is word Adobe will do the same for its Flash Player software.

[ SEE: Study: Silent patching best for securing browsers ]

For years, security practitioners have argued against silent patching, warning that end users should know — and consent to — what’s being changed on the machine but, according to a study conducted jointly by Google Switzerland and Swiss Federal Institute of Technology, the silent updaters in browsers enhance security:

With silent updates, the user does not have to care about updates and system maintenance and the system stays most secure at any time. We think this is a reasonable default for most Internet users. Further more, silent updates are already well accepted for Internet Web applications.

…Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version. However, there is still room for improvement as we found. Google Chrome’s advantageous silent update mechanism has been open sourced in April 2009. We recommend any software vendor to seriously consider deploying silent updates as this benefits both the vendor and the user, especially for widely used attack-exposed applications like Web browsers and browser plug-ins.

ALSO SEE:

  • Adobe working on new automatic (silent) updater
  • Firefox 6 patches 10 dangerous security holes
  • Mozilla knew of Pwn2Own bug before CanSecWest
  • Researchers hack into newest Firefox with zero-day flaw
  • Topics: Browser

    About

    Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

    zdnet_core.socialButton.googleLabel Contact Disclosure

    Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

    Related Stories

    The best of ZDNet, delivered

    You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
    Subscription failed.