Like Google's Chrome, Mozilla To Silently Update Firefox 4

CWmike writes "Taking a page from rival Google's playbook, Mozilla plans to introduce silent, behind-the-scenes security updating to Firefox 4. The feature, which has gotten little attention from Mozilla, is currently 'on track' for Firefox 4, slated to ship before the end of the year. Firefox 4's silent update will only be offered on Windows, Mozilla has said. Most updates will be downloaded and installed automatically without asking the user or requiring a confirmation. 'We'll only be using the major update dialog box for changes like [version] 4 to 4.5 or 5," said Alex Faaborg, a principal designer on Firefox, in the 'mozilla.dev.apps.firefox' forum. 'Unfortunately users will still see the updating progress bar on load, but this is an implementation issue as opposed to a [user interface] one; ideally the update could be applied in the background.' Unlike Google, Mozilla will let users change the default silent service to the more traditional mode, where the browser asks permission before downloading and installing any update."

silent, or totally invisible

[gbjbaanb]

to be honest, I'm not so worried about this - its only a browser, and I install all those security updates anyway. What I'm not so keen on is the "silent, in the background, don't bother the user" implementation. I'd like to know that it is doing it, pop a little UI element on the status bar that says "updating latest version now" and then gets on with it, and then puts a little version marker somewhere so I know its been done.

Be polite to your users, be open in your communication, inform us. (and a link to the things that were fixed if you click the version number would be a nice to have)

Re:silent, or totally invisible

[Kozz]

In fact, I welcome this update! It was hard enough getting those less-than-savvy relations to use Firefox, but even getting my WIFE to update FF is a chore. Automatic updates for these folks will be especially welcome. It's depressing to be on the cutting edge of FF public releases only to visit your mother and find she's still running FF 2.0.17 and has been ignoring the update suggestions forever.

Re:

[Anne_Nonymous]

>> has been ignoring the update suggestions forever

If fewer updates broke things, people would be more inclined to update (not just Firefox, but software in general).

Re:silent, or totally invisible

[toleraen]

Can you name five security updates in the last two years that actually broke functionality for you? Not that my installation base is that huge, but I can think of maybe two updates out of hundreds where some level of functionality was actually lost to the average user.

Re:

[Fumus]

At first I also thought that this is an annoying move, but then your post made me realize that my family is the same. Each time an update window appears they want me to come over and see what is it because they don't know and "Do you want to update?" is just as alien to them as "would you like to polarize the photon deflectors now?"

I welcome this change now that I have realized what it truly means. As long as there is a fairly easy way to enable the nagging screen if you want it, then I won't mind it being

Re:

[RJFerret]

So far computers aren't intelligent, nor smarter than their users (despite opinions to the contrary), they generally pick the worst time to try to do updates.

There currently isn't a way for a computer to predict when it's getting in your way (hint, right at boot-up is the worst time, as I turned on the computer to get something done). Until then, there should be a clear indication it WANTS to update, with user ability to postpone for a specified period without distraction/interference.

Computers and other t

Re:

[icebraining]

A better method would be for the OS to have an updating control, like on the Windows task bar, with progress meters for various software, with controls to aborting, pausing without anything hidden/secretive/subversive/untrusted.

Sure, give the users the ability to have background updates for those who prefer it, even provide an OS control so that you don't have to tell each individual piece of software that's your preference, that would be great. Thankfully Firefox is not inhibiting user control--yet (or I'd

Re:

[bgfay]

This is smart thinking. The process should be easy but not invisible. I like that Chrome does a lot of things easily, but don't like that I don't know about those things. It leads to the sudden "this thing doesn't work anymore" syndrome where things break with no seeming reason.

That said, I hate that Firefox has to be restarted to install add-ons. Things like that aren't good enough. I should be able to install the add-on and use it immediately.

Combine the two ideas: tell me that my program is being updated

Re:

[clone53421]

No; exactly the opposite... “ideally the update could be applied in the background”? About freaking time someone figured that out.

If they can find a way to do it without opening security holes, I’m all for it. Hell... there’s nothing dumber, IMHO, than restarting my browser just to install the update that it downloaded.

Make it optional. You want to vet each update? Fine. You want to turn it on and forget about it? Also fine. We have auto bill-pay so we don’t even have to think

Re:

[LifesABeach]

Maybe a Check Box that states, "I don't want to see this message again", would be useful? And the programming to do it is relatively straight forward.

Openness of Communication has been the Fan and Light for the "Smoke and Mirror" types out there. This simple fact acts like a salt on an open wound to every "Secret by Silence" business model I have been exposed to. I proudly state to BSOD victims that one of the most successful aspects of Openness is that the bad guys are shut down in to two to three wee

Re:

[wwphx]

I HATE Google doing this! In fact, I ripped out Picassa and Chrome on my Mac because of these silent updates. I don't have a problem if this was a configuration option set on during install that I could turn off, but it isn't. Since Firefox will allow it to update in the traditional manner, I'm fine with that, but I HATE it being done silently in the background!

I have found that there is a way to block Google's silent update on a Mac, it basically requires creating an empty file in a certain directory

Re:

[Anonymous Coward]

I wrote a script to disassemble all the programs on my computer to check for comments which say "start keylogger".

Re:silent, or totally invisible

[Seth Kriticos]

This is not necessary. Linux distributions come with package managers and update systems that take care of upgrading everything on your system including your browser.

This kludge is only brought to the Windows version, because there is no coherent system to update third party software and the popups got old.

Re:

[Netshroud]

If only someone brought Sparkle [andymatuschak.org] to Windows...

Re:

[Yaa 101]

If you install a Mozilla version in your user account by hand then the automatic update functionality works fine, the versions that come through the package manager are often outdated.

Of course they have to be more secure because they are installed system wide, that is the reason for being outdated it takes time to patch.

So they are 2 different concepts with the same product.

Re:

[Yaa 101]

I am referring to GNU/Linux

Re:

[ultranova]

Most users don't need or want that updating status or whatever because it confuses them.

Most users need to know when something has changed so they can associate any potential breakage with the correct event.

The more computers act like magical black boxes, the harder it becomes using them.

Re:silent, or totally invisible

[siride]

If things break, users probably won't be able to fix them without calling someone for help. It's easy enough to check whether there has been an update.

My mom, for example, frequently fails to tell me of important events like software updates when things stop working. Instead she just tells me that "the Internet stopped working today" and other vague things like that. I have to dig to find out that she upgraded such and such, or disabled this or that.

So I say either you are savvy enough to turn off silent updates, or at least check to see if there's been an update, or you aren't savvy enough for knowledge of updates to be useful to you directly.

Re:

[clone53421]

No; the more computers act like magical black boxes, the easier it becomes using them. It becomes harder to fix them, if you don’t understand how the black box works.

Ideally I want to understand it. But for day-to-day use, I’d just assume forget, in a practical sense, that I know about it, and treat it like a magical black box. As long as it does what I want and expect, I’m satisfied. If it doesn’t, or if my expectations change, I have the knowledge to figure out what’s wrong o

Re:

[Tumbleweed]

Most users need to know when something has changed so they can associate any potential breakage with the correct event.

Most users are complete dunderheads when it comes to anything resembling logic. They don't associate anything with anything. Giving mental ammunition like information to someone who's mental weapon is a broken slingshot is rather pointless. But giving them something that will automatically protect them in the VAST majority of real world use cases, is a great idea, and far more valuable than

Welcome to the Mozilla botnet ...

[Lazy Jones]

... silent updates suck.

Re:Welcome to the Mozilla botnet ...

[fearlezz]

Yes. Silent updates suck. Well at least, for people that want to control their own computer, it does. But for my sister, my dad, my great aunt and all these people that think i'm their personal helpdesk, this is perfect. I've seen so many family members who had 2 year old browsers and stuff...

Re:

[Trelane]

Yes. Silent updates suck. Well at least, for people that want to control their own computer, it does.

Fortunately, you (or someone or collection of persons you trust) have the source, can build it, use it, and redistribute it. Thus, you don't *have* to use the software with silent update functionality, even if you keep using the browser itself. (though you'll lose the branding; call it "iceweasel" perhaps ;)

Re:

[kbrosnan]

The devs already said that this is going to be a preference.

Re:

[Trelane]

Sure, and if that's not good enough for you, you still have options.

Re:

[fluffy99]

Yes. Silent updates suck. Well at least, for people that want to control their own computer, it does.

Fortunately, you (or someone or collection of persons you trust) have the source, can build it, use it, and redistribute it. Thus, you don't *have* to use the software with silent update functionality, even if you keep using the browser itself. (though you'll lose the branding; call it "iceweasel" perhaps ;)

And what percentage of Windows boxes even have a compiler installed, much less a user who know how to use it? Are you really going recompile by hand everytime you get an update? Yeah, I thought so.

Re:

[NotBorg]

Yes. Silent updates suck. Well at least, for people that want to control their own computer, it does. But for my sister, my dad, my great aunt and all these people that think i'm their personal helpdesk, this is perfect. I've seen so many family members who had 2 year old browsers and stuff...

There's a lot of truth here.

Often the only updates that happen are automatic or silent. If they aren't automatic they typically don't happen. The silent updates that I speak of are when geeks like me do it for their

Re:

[FooBarWidget]

Bullshit? "Force"? Then what part of "Mozilla will let users change the default silent service to the more traditional mode, where the browser asks permission before downloading and installing any update" did you not understand?

Re:

[Macthorpe]

Opera doesn't force upgrades on it's users - or are you using a different definition of 'force' from the rest of us?

Re:

[maztuhblastah]

My root partition is read-only.

Good luck updating my software without me sitting a root prompt, jerks.

I love Mozilla

[Voulnet]

I love Mozilla. They can do no wrong! If Apple fanboys and MSFT apologists can do it, so can I!

As long as the browser asks for permission

[nebulus4]

why would this be considered a bad idea?

Re:As long as the browser asks for permission

[Anonymous Coward]

I don't mind if the browser asks. It looks like they are going to default to silent updates unless you change the setting. They only way I can see this as a bad idea for the non-techinical user is in the case where Mozilla screws up and a patch hoses up the browser or operating system itself (and don't act like that can't happen because it has for other software, even if it wasn't Mozilla that did it, it could still happen.)

FTA (bolding mine):

Firefox 4's silent update will only be offered on Windows, Mozilla has said.

Most updates, including all security updates, will be downloaded and installed automatically without asking the user or requiring a confirmation, said Alex Faaborg, a principal designer on Firefox. ...

Unlike Google, Mozilla will let users change the default silent service to the more traditional mode, where the browser asks permission before downloading and installing any update.

Re:

[asdf7890]

why would this be considered a bad idea?

Some take exception to their software installing stuff (even updates) without their express permission (or request), or to software refusing to run until it is updated (MS's IM client does this, or so I'm told). There are a number of reasons why you might want to hold back on an update - perhaps you are a dev who want to keep old versions around for testing how their pages work in older versions that have certain issues, or perhaps you just prefer to hold back a day or so to make sure there are no massive b

Re:

[asdf7890]

Also (missed this from my previous post) I don't want my browser deciding it want to download an several Mb update while I'm connected via a very slow cellular connection (i.e. GPRS in area with no 3G or wifi coverage) trying to get something done with what little bandwidth is available in such circumstances.

Re:As long as the browser asks for permission

[Anonymous Coward]

There is a potential security issue too: what if someone manages to hack Mozilla's DNS to point to a malicious site pretending that there is an update (which introduces malware)? I hope they are planning on properly signing and verifying updates to deal with this possibility.

Unlike many others, Mozilla already does sign it's updates.

Re:

[MonsterTrimble]

I think on a fresh install or upgrade to FF4, make the silent updating an opt-in. If you want it, you got it. Otherwise you stay traditional.

Myself, I would like to stay traditional on updates, but that's me.

Re:

[Anonymous Coward]

Just take a hint from the silent updates that Windows does;

Do you want Firefox to be updated automatically?
(x) Yes, check for updates and install automatically (recommended).
( ) No, notify me but I will decide to install updates myself.
( ) Do not check for updates (not recommended).

Note: with automatic updates, you will still be asked for permission to instal major updates.

Re:

[hedwards]

This isn't really limiting their choices, it's just requiring them to take a step to opt out if they like. Sort of like the move to automatically enrolling people in their companies 401k unless they opt out. Since most people do opt in or at least want to do it, doing so gives most people what they want without having to do any work. Those that don't want to have ample time to opt out if they choose to.

And sometimes it is the appropriate thing to do. Sane defaults dictate that sometimes the default be in

Choice vs. Sleek

[Amorpheus_MMS]

I like that a lot of what makes Firefox different from Chrome is due to the "we'll let users decide how they want it" approach instead of just telling them how it's going to be done.

Re:

[Nerdfest]

It does sound like there will be a setting that can be changed, but the default is silent install.

OMG!

[pushing-robot]

Mozilla is stealing our freedoms with communist security updates!

...Seriously, folks, they're just automating the updates that everyone installs already. It saves us time, which last time I checked was a valuable commodity.

Re:

[siride]

If you read the damn summary, you'll see that you can turn off silent updates.

Re:

[apoc.famine]

Being able to deny an update adds another layer of security to users' computers...

No, it does not. At least not on the net average. For you or I? Sure. But my mom and dad, my sister and her boyfriend, the kids I used to work with all use Firefox. And their reliability is nonexistant. If it asks them for permission, half the time they say ok. If it pops up when they're trying to type something, they close it and ignore it.

If Firefox never pops anything up, but stays updated, that's a huge step up in security for the majority of users. If they can be trained NOT to just click 'OK' on dia

Re:

[Miseph]

Communism and capitalism are two sides of the same coin, and the whole coin is morally neutral. The problem comes when you let greedy, sociopathic tyrants flip the coin... then it becomes a matter of which terrible outcome you get, not whether you get one.

Silent updates are not ideal.

[aussersterne]

I get more complaints from family and friends about "slow computers" than anything else, and usually these are all about silent background updates in the end. It's damned near impossible to explain to someone that's not computer literate what and update is, how it's affecting their computer, why it's necessary that the update gets installed, etc. They don't even know what Firefox is ("You mean my Internet?") much less any of the other things. Even my wife struggles to comprehend why there's always an update running; she tends to think I'm lying or dismissing her concerns. Every single application running on her computer does silent background updates:

Windows
Office
AntiVirus/Firewall Software
Adobe Flash Player
Adobe Reader
Sun JRE
Nero
Skype
etc.

Even tiny little apps from the vendor do this... Volume control, display control, trackpad control, blah, blah...

Another background process running automatic updates each and every icon in the tray and for each and every folder and application in the Start menu, as well as for browser plugins, third party configuration tools/extensions, drivers, etc.

At the very least they should try to display a notification somewhere on the screen saying "Updating XYZ, may slow your computer..." each time they do this, rather than silently saturating an internet connection (as 10 different updaters are in competition with one another), a CPU, and/or a hard drive's activity.

Re:

[tcdk]

I've a older (winXP) notebook that I use sparsely, if it's been off-line much more than a week, it needs about 15-20 minutes on first boot for updates, before I can use it.

Re:

[fearlezz]

I installed the nvidia driver on my Linux system from the rpmfusion repository. When I run "yum update", yum updates both normal Fedora updates and nvidia driver updates. I could even configure yum-updatesd to update all packages without me even noticing.

Why can't it be this simple on windows? Windows update on Vista/Win7 is okay for updating microsoft software. Now if only third parties could add their own 'repositories' to windows update, this would make updating a lot easier, and computing a lot safer.

Re:

[tepples]

Now if only third parties could add their own 'repositories' to windows update

How much would Microsoft and Microsoft's certificate authority partner (that is, VeriSign) charge third-party application publishers for such a service? And how would developers of Free applications for Windows be able to afford it?

Re:

[evanspw]

most of those can be set to manual update, or at least a notification that an update is ready to download. i know that's got it's downside too.

Re:

[Jorl17]

You forget that browser updates matter. And, in theory, OS security updates should as well. So let's not say that silent updates are not ideal for all cases. They're not ideal for stupid and silly apps that you shouldn't be supporting any way (woops, broke the rule of not bashing useful but bloated apps -- kill me!; woops, did it again!)

Re:

[at_slashdot]

Hopefully Windows (Microsoft) will implement a repository system like in Linux distros. There's no reason to have EACH program run an updater for itself. Or, if you don't like the Linux example think of Apple app store....

Re:Silent updates are not ideal.

[hedwards]

Linux can do that because virtually all the software is free either pricewise or GPLed. In which case most of those people are thrilled to have somebody else picking up the tab on the distribution and advertising. In the Windows world, that's not really the case. Much of it is commercial software and the freeware and opensource stuff is so numerous that I doubt MS is interested in taking on the responsibility and cost of hosting those files.

Re:

[at_slashdot]

Two words: App Store. Apple can do it. They even make money out of it. GPL and free software is a red herring.

Re:

[apoc.famine]

What the hell are you talking about? OSX does NOT have a central repository for updating programs. I get spammed only a bit less than windows for updates to the various programs I have installed on OSX. If you're talking iPhone specifically, then you're talking about programs which Apple distributes being updated by Apple. This is not what is being talked about here - these are programs that are distributed by a large number of companies, being updated by those companies specifically. And that's the problem

Re:

[at_slashdot]

Is your solution to have Microsoft distribute all the windows programs in the world?

No, but it could distribute or _facilitate_ the distribution for the most common programs. I don't expect my Linux distro to distribute all the programs available on Linux but I'm happy with the 20k+ that it does distribute, among them Firefox and Chrome, neither has to use computer resources to check separately if there's an upgrade available. I get Chrome as soon as is released, Firefox usually takes a while until is packaged for my distro.

But I hope you realize that having each program check independentl

Re:

[dbcad7]

Poor, poor, pitiful Microsoft.. can't be bothered with the cost of maintaining a repository of trusted and tested programs, like the fat cat big spenders on the Linux distro world.. but it's ok, their other approaches to security are working so well.. Don't kid yourself, that it's a "cost" issue, or am issue of "too many" applications.. The REAL REASON they don't follow suit with a repository system, is that there are whole industries built around the system they have.. Thousands of little Dutch boys would

Re:

[siride]

It doesn't need to have a repo system. It just needs to have a standard protocol for installation and update. Programs, once installed, can register with the update service, point Windows to the update URL source and then when there's an update, Windows can do it all in one batch.

Signed with what certificate?

[tepples]

The protocol could also require signed updates

Signed with a certificate issued by whom, purchased with what money? A company like Mozilla Corp could afford it, just as it can afford the Authenticode certificate to digitally sign Firefox Setup, but individual hobbyist developers of freeware and free software likely can't spare 200 U.S. dollars per year plus whatever their state charges to form a business entity.

Re:

[Anonymous Coward]

This is why i hate that OSes... well, Windows, hasn't got a decent package manager.

Auto updates could easily be handled through a single program for the entire OS.
All you do is just add to a file or registry item where the URL is, current version number, date / frequency of check and an optional "where to extract this to" for non-install archives.
Then you can make whatever damned EXE you need to make for doing updates then, whether it is Chromes silent updater or a Windows updates.
Windows Task Manager != an

Re:

[bhtooefr]

There is a solution to that, but the Windows implementation that I've seen was downright dreadful. (Well, the one that works for third-party software...)

Have all applications register with an updater program that checks for updates when the machine is idle.

The problem is, there's two choices I've seen: Windows Update, which is really just for Microsoft software (but works fairly well for that,) and InstallShield Update Manager, which is great in theory... but in practice, it doesn't respect settings to not

This is problematic and I hope it can be disabled

[Anonymous Coward]

This is problematic on slow links where every byte is precious (dial-up)

This is problmeatic on expensive links where every byte costs money (satellite, cellular)

This is problematic in managed environments where the end user does not have write-permission to the filesystem containing the software

I hope it can be disabled.

Re:This is problematic and I hope it can be disabl

[FooBarWidget]

"And I hope it can be disabled"

Read the summary.

Re:

[MpVpRb]

This is problematic on computers used as digital audio workstations, where background processes can cause glitches in playback

Re:

[Nemyst]

RTFS please, even if you don't read anything else.

Unlike Google, Mozilla will let users change the default silent service to the more traditional mode, where the browser asks permission before downloading and installing any update.

Why is this even modded Insightful?

Re:

[Ant P.]

Because illiteracy isn't just for ACs, it extends to people with mod points too.

How to disable updater only on pay-per-bit?

[tepples]

Anonymous Coward wrote:

Disable the update if you don't like it.

Can you recommend an easy-to-understand user interface to configure the updater to disable itself when on a pay-per-bit connection to the Internet yet reenable itself when on a less strictly metered connection (such as a home LAN or a restaurant hotspot)?

I agree

[Jorl17]

At the risk of being /. assassinated, I have to say that I agree with this. Particularly because it is possible to disable such a feature.

Non-techie people don't get a thing about browsers, updating, security, etc. The medium-techie usually want to be all updated, so will update to even RCs and Betas if they find them out. Techie guys, us, do whatever they want, but I believe that they want to be in control and know what's going on -- thus, they'll disable such feature.
But especially for the non-techies, this is a way of getting free security upgrades. The upgrades will probably be carefully chosen so that there are no compatibility issues -- and if there are, non-techie to medium-techie users won't care that much.

All in all, it is good for people who don't care, and enables us who care to keep things the way we want it.

Re:

[Nerdfest]

I won't disable automatic updates, but I will disable silent automatic updates. When something stops working, I generally look at what has changed. If I don't know what to look at, it makes things very difficult to debug.

User Account Control

[Crock23A]

I wonder how this will get around UAC, a substantially annoying feature of Windows Vista/7. Will they be installing firefox to the user's home directory? Will it be sand-boxed from the OS? I admit I haven't done much looking into the pre-release so I apologize for any ignorance I might be showing.

Re:

[Rockoon]

I also thought about this almost immediately. You cant silently do anything under /Program Files/ or /Program Files (x86)/ without administrator rights.

Is it their intention to install the binaries/etc some place that doesnt require admin rights to modify them? How could that possibly be safer/better?

Maybe instead they intend to install a service set up with admin privileges. How is an extra service, with admin and network access rights and intent on modifying /program files/, safer/better?

Updates sho

Updater need not have network access

[tepples]

How is an extra service, with admin and network access rights and intent on modifying /program files/, safer/better?

The updater service can be audited separately because it is a much smaller program than Firefox itself. After the main app has finished downloading the update package to the Local Settings folder in the user's home directory, it starts the updater service. The updater service itself does not connect to any network; all it does is verify the digital signature of the update package and then replace the executable with the updated copy. I don't know how Windows ACLs work in depth, but if the updater runs as a

Re:

[Rockoon]

I don't know how Windows ACLs work in depth, but if the updater runs as a user that can't write outside /Program Files/Mozilla Firefox, that's another way to limit the damage it can do.

It can't if it runs as a regular user. Thats sort of the point.

The article summary claims silent updating, so the service can't run as the logged in user.

Re:

[sadler121]

Chrome has it's exe in APPDATA, that is how they get around UAC.

Restart after update?

[hcdejong]

Until now, FF updates require a restart. The update may be silent, but the restart is still going to require user notification. So what's the advantage here?

Re:

[PRMan]

I imagine it would wait until the user restarted Firefox...

Re:

[tepples]

I imagine it would wait until the user restarted Firefox...

Which gets into cases where a user leaves Firefox open for days, putting the computer to sleep instead of shutting it down.

Re:

[apoc.famine]

Adobe has created a fix for this...just install flash...

You thought you'd sneak that by me?

[bursch-X]

Nah, little Snitch will tell me. I really do hate that Google Chrome feature; just when I least expect it one of the Google background processes is for no apparent reason trying to connect to certain sites. Makes me wary, even if for the right reasons some software tries to sneak in any update without telling me. Even Apple gives me more freedom there.

More Mozilla Fail

[duffbeer703]

I'd love to be able to actually deploy and maintain Firefox in the large enterprise that I work in. Users want it. Unfortunately, users don't have admin rights, and Mozilla makes applying updates and configuring the browser from a central location difficult and has a history of not thinking about and actively shooting down any proposals which would potentially benefit system administrators trying to support Firefox.

I don't get why they don't get it.

Re:

[Ant P.]

I saw the whole trainwreck (bugzilla bug 18574) unfold over several years. The libmng developers deserve medals for their effort - every time the goalposts were moved and they were ordered to make the library fit into an (intentionally) impossible small size, they actually did it.

Thanks for another useless, proprietary format that none of us can use, Mozilla. Open Web my fucking ass.

Re:

[account_deleted]

Comment removed based on user account deletion

Egad. Use intelligent defaults.

[ccady]

How stupid! Show the user the dialog box, and put a checkmark on it which says (approx) "Don't notify me of these updates anymore, just do them."

Re:

[genner]

How stupid! Show the user the dialog box, and put a checkmark on it which says (approx) "Don't notify me of these updates anymore, just do them."

What's an update?
Son quick get in here, I got a virus!

Re:

[Nemyst]

People ignore update dialogs. Why do you think they wouldn't ignore that, too?

What if I'm not an administrator?

[wiredlogic]

I don't normally run as administrator on my computers. I have installed Firefox as an admin., though, and I must use that account for updates. This is slightly annoying with Firefox because I get update nag notifications under my user account which can't be used to perform the updates. I don't always want to go through the hassle of shutting down my current session and switching accounts for the latest update. I hope this new feature can be turned off to avoid additional problems with the update process.

Bad Move

[JeremyGNJ]

Wow, these companies are really shooting themselves in the foot when it comes to corporate adoption.

No right-minded SysAdmin would want this sort of thing in their environment. While I understand that you CAN turn it off, Im willing to bet (without caring enough to actually look), that they have neglected to add any security features that would prevent an end user from turning the "auto update" back on.

Standalone

[EnsilZah]

As a windows user I'd like to see a big player like Mozilla release a standalone updater that all the other software can use so every app doesn't have to check for updates on its own and use its own halfassed update method.

30 euro phone bill in a sort time

[El_Muerte_TDS]

Silent updates is the reason why I received a 30 euro phone bill for a few minutes.

I was on holiday, and let a friend use my laptop and telephone to send an important email (it was party invitation, nothing more important than that). And of course... I forgot to displace all things that would silently try to update whatever they could when a network connection was found. Withing a short time, a few megabyte was downloaded. And mobile data from a foreign country is more expensive than HP ink.

So please mozilla, provide a nice toggle though the preferences screen to change this, an not through a about:config option.

Re:

[fearlezz]

If the software is installed with the privileges to install system-wide, it think can install an service with privileges to update as well. So that shouldn't be a problem.

Re:

[DrSkwid]

I have installed by the Administrator account and then Unpriv users can't do updates, it requires manual intervention.

So instead we'll get "couldn't silently update" dialog boxes !

Re:Really?

[Tubal-Cain]

Who exactly is running their web browser with the privileges required to install an update?

Virtually everyone.

Re:Leave the question!

[the_other_chewey]

Maybe a user doesn't like the new 4.0 look and wants to stay at 3.5? Give the user a box and ask. Do not change this behavior!

Congratulations for not even reading the summary: They will only do silent updates for
minor versions, i.e. security and stability updates.

The question will be kept for major updates, like 3.x to 4.

Re:

[Dunbal]

The beauty of open source - you don't like it, fork it.

Re:

[MysteriousPreacher]

That and these hidden updates could cause problems in the corporate world. Normally when browsers are updated I see vendors advising users to wait until the browser has been tested. That mostly applies to major updates, but any kind of update could patch a hole that a web application relied on - or introduce a new bug.

Re:

[siride]

Dude, you can turn off silent updates. I know nobody reads the article, but at least read the summary before frothing at the mouth about a non-problem.

Re:

[siride]

I assume that if it bothered you that much, you'd probably search for a way to turn it off. The summary did say that you will still know when the updates are being applied with a progress bar, it just doesn't ask you or go through a whole hullaballoo to install updates.

Re:

[ThePhilips]

They have essentially reached the point of time when there was no competition (technologically, *) left, and interpreted the achieved stability as a stagnation. And that freaked them out and they set out to destroy themselves by screwing up what was working perfectly before.

Kidding. FireFox's focus was always a grandma type of user. The moment when they say goodbye to their tech savvy audience was ought to come and I believe it is upon us. It started in 2.x with some enhancements one couldn't turn off (

Re:

[Khuffie]

Opera is cluttered [tinypic.com]? Any extra features you don't use are disabled (ie, if you don't use the built-in mail client, it's not running).

Re:

[cbhacking]

I realize this may seem like sacrilege on /. but IE8 plus an extension called IE7Pro (which despite its name works great on 8) gives Firefox a good run for its money. It's actually more secure in some important ways (sandboxing, ASLR), includes ad-blocking out of the box (set the registry key to enable InPrivate Filtering on every startup) and Flash filtering (under the Flash add-on options, delete the Use on sites: *.* then you can manually add sites when they request it) and while its JS engine is weak co