Silent auto-patching coming in Firefox 13

Summary: The silent auto-updater means that startup and shutdown of the open-source web browser won't be affected by installation routines. It will also ensure a wider distribution of security fixes.

Mozilla plans to add a silent automatic patching utility into Firefox 13 as part of a plan to "cater to update fatigue."

Firefox currently offers an automatic updater but the process is not silent and requires that the end user click to apply the patch after it's downloaded.

With the silent updater, Firefox security patches will be downloaded and installed silently in the background. "It means that startup and shutdown of the web browser won’t be affected by installation routines," says Robert Nyman, a technical evangelist at Mozilla.

Additionally, the "What’s New" page shown after an update can now be displayed depending on whether there is important information that needs to be shown to the end user, Nyman added.

Computerworld's Gregg Keizer reports that Firefox 13 is due in June 2012. Mozilla currently ships Firefox updates on a six-week cycle.

Google has fitted a silent auto-updater into the Chrome browser and there is word Adobe will do the same for its Flash Player software.

[ SEE: Study: Silent patching best for securing browsers ]

For years, security practitioners have argued against silent patching, warning that end users should know — and consent to — what’s being changed on the machine. But according to a study conducted jointly by Google Switzerland and the Swiss Federal Institute of Technology, the silent updaters in browsers enhance security:

With silent updates, the user does not have to care about updates and system maintenance and the system stays most secure at any time. We think this is a reasonable default for most Internet users. Furthermore, silent updates are already well accepted for Internet Web applications.

…Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version. However, there is still room for improvement as we found. Google Chrome’s advantageous silent update mechanism has been open sourced in April 2009. We recommend any software vendor to seriously consider deploying silent updates as this benefits both the vendor and the user, especially for widely used attack-exposed applications like Web browsers and browser plug-ins.

    Talkback

    9 comments
    • I like my control, thank you

      I set up my Linux and Windows systems so that they're updated when I decide they should be updated, not MS or whatever Linux distributor I happen to be using decides. I want to continue to be able to do the same thing with FF.
      John L. Ries
      • This is a good thing.

        Most users DON'T upgrade their tech like they should, and with Firefox, you never really know when an update is available unless you look. For 99% of users out there, auto-updating is a needed feature. Chrome has it, IE is getting it, and now Firefox. I keep telling fellow techies that technology needs to work for the users, not against. Techies seem to forget that they are the 1%, and that they are not on the minds of developers when they dream up these features.

        Like it or not, the browser is at the forefront of the security world, and this is a much needed feature for consumers looking to stay safe.
        The one and only, Cylon Centurion
        • That's all well and good

          I don't necessarily disagree with you in principle, but in practice it might have some unexpected problems. For example, if you have an add-on that works in version 13, but not version 14 (just as an example), you may be in for somewhat of a nasty shock.

          I don't oppose having this option available, but I do think that for power users, the option should be kept available to just check for updates (and by that, I mean that clicking "check for updates" only checks for updates, instead of downloading or installing them right away).
          Third of Five
    • I Prefer to do it manually

      Too often an update messed with something, I update regularly but manually.
      I would rather update when I wish to which is fairly often but not before I am about to do something important. I hold off the update till afterwards.
      MoeFugger
    • auto

      If you are convicted of moving traffic violations or of causing an accident, your auto insurance premiums will likely go up, no matter what your age. Drivers with clean records no tickets, no accidents pay the lowest rates at "Clearance Auto" website
      martyzjohnson
    • auto with opt

      The best way is to default to auto because most users don't know or understand the importance of updates, some get false information that updates are bad. The best way is for the system to constantly seem like it's working like nothing has changed, even though it may actually be getting weekly security updates in the background.

      Of course, power users who want or need to know about every change that is happening on their system should get that option. But most users need an automatic and silent updater.
      avatoin1
    • Good idea, but have they even earned the right to do it?

      I run XP, but I do as the experts recommend, and I don't run as Administrator. Firefox's self-update had a very hard time with that. It downloaded the update, and then install failed. I think it got worse from there -- it failed again, until I logged on as Administrator and updated successfully. But then, when I returned to the non-Administrator user, it was still confused. The downloaded update was still pending, so it tried and failed to install, but kept reminding me. I had to manually delete the update, to rescue my Firefox installation. (Temporarily making the user an Administrator might have fixed it too.) How will you update where the user is not an Administrator? Ask for a password??
      Somehow Google Chrome doesn't install on the "whole computer", so it doesn't need Administrator rights to install. It does a local, per-user install, with a separate copy for each local user who installs it, in "C:\Documents and Settings\%username%\Local Settings\Application Data\Google\Chrome\Application". (Each user gets a separate uninstaller too, under Control Panel:"Add or Remove Programs".)
      [By the way, if Opera's bookmarks worked as nicely as Firefox's, I would have already switched to Opera.]
      dv5678
    • Terrible Idea When it Comes to the FlamingFox

      The flaming fox is well known for its addon-breaking abilities with new updates, this idea of auto updating is just gonna make more fukn worse than it already is; imagine your add-ons to be getting deactivated while you need them most.

      It's about time I permanently stopped using FlameFox, currently opening it, like once every two months, just to install updates.
      MrElectrifyer
    • Silent Updates w/o User Approval EACH Time????

      Not bloody likely on my system! And that means if I have to STOP updating FF and/or change browsers, I will! And that choice needs to be honored EACH and every update after it's set by the User the first time as well. So none of this resetting it to "Silent" w/ no user approval each new update either.

      I need to maintain control of WHEN my updates are applied to my system. ALL updates, so "Silent Updates" is fine provided all my software asks me each time. Now you can call that "Noisy Updates" if you want but I require it.
      QO