For years, security practitioners have argued against silent patching, warning that end users should know — and consent to — what’s being changed on the machine but, according to a study conducted jointly by Google Switzerland and Swiss Federal Institute of Technology, the silent updaters in browsers enhance security:
With silent updates, the user does not have to care about updates and system maintenance and the system stays most secure at any time. We think this is a reasonable default for most Internet users. Further more, silent updates are already well accepted for Internet Web applications.
…Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version. However, there is still room for improvement as we found. Google Chrome’s advantageous silent update mechanism has been open sourced in April 2009. We recommend any software vendor to seriously consider deploying silent updates as this benefits both the vendor and the user, especially for widely used attack-exposed applications like Web browsers and browser plug-ins.