Why silent [browser] updates boost security - bonaldi
http://www.techzoom.net/publications/silent-updates/index.en

======
reduxredacted
It depends on the update . . .

I'm currently hosting a series of meetings where we are certifying all of our
existing IE 6 and IE 7 based applications for IE 8. Much is broken because of
hacks necessary to make these sites work properly in older versions of the
browser.

While I'll be the first to say that we apply the IE Cumulative Updates the day
after release ... silently ... to every PC in our company, we wouldn't dream
of deploying a major browser update without reviewing it. Anymore, 99% of
our applications are browser based. A major browser update (Firefox 2.0 -> 3.0
or IE x.0 to IE x+1.0) can be as impacting as upgrading the operating system
silently.

Yes, yes, I know. We standardized on IE, bad us. It wasn't my call :o).

------
tptacek
As a practitioner, I find this hard to argue with and somewhat obvious, since
the preceding 10 years have largely been about how hard it is to get critical
patches adopted in opt-in schemes.

------
duskwuff
The results are kind of bogus in a lot of cases, though. For Safari, for
instance, there are multiple "correct" versions (one for 10.5 users, another
for 10.4 users), so uptake of a new version can't be expected to ever reach
100%. Same goes for Firefox, where some users are still using the 2.x branch:
they obviously won't get a 3.x update.

Really, Chrome is at an advantage here by only having a single version.
Comparing other browsers' update cycles to it is hardly fair.

------
jlefo7p6
The title is a little off: security updates boost security, and silent updates
boost adoption of updates.

The recent stink with Adblock Plus and NoScript using my browser in their
personal snowball fight makes me leery of auto-updates. Making the normative
choice the default setting has an okay track record, but I'd like as many
eyes as possible helping me keep developers in line with my needs.

------
roc
As a user, I find this pretty easy to argue with, since the preceding 10 years
have largely been about how software companies can't be trusted with silent
update capability.

~~~
tptacek
This is a really weak argument, since vendors can undertake the same illicit
actions you're averring using opt-in updates. Updates that aren't what they
say they are remain a problem regardless of opt-in/opt-out.

~~~
roc
Except that the opt-in process enables transparent third party verification.
Updates can be tested individually. When an opt-in update misbehaves, word can
(and does) spread. It can be avoided.

If a silent update misbehaves, how do we have a chance to -do- anything? The
update was likely applied before we could even open an app to get the news.
Should we go online in a VM to verify that it's safe to connect with our
preferred OS/software?

~~~
tptacek
The argument is for transparent opt-in updates. It's not for eliminating
opt-out. I agree that there should be an opt-out.

The argument about third-party verification is a red herring. I feel somewhat
qualified to argue that third parties will "verify" updates no matter how
they're disseminated; reversing patches is a bread-and-butter part of security
product development.
