I agree that auto update should be the default. But people who are scared of clicking "yes" on an upgrade are not the ones who will go into the registry or edit Windows group policy settings to prevent updates.
I think what Google tries to do is to prevent sysadmins from doing with Chrome what they did with IE in the past. The average sysadmin loves to freeze things because that reduces the number of variables that matter for troubleshooting.
Or they don't want to risk finding they've installed something with a wonderful new undisclosed Zero Day exploit throughout their shop.
Updating in a corporate environment is very different from what you do at home or a small business. Some sectors require extensive testing before rolling out any change whatsoever.
In that case, they don't want things happening before they have tested any proposed changes.
When a package is blown down to the network with it's configuration locked (and set to not update), they don't expect a package to spontaneously start updating itself.
Google might let their browser ignore "no auto updates," but may find their browser losing market share in the corporate world. If they get booted, chances are 50/50 if the app ever make it back in the mix.
It doesn't take much.
If I wanted a closed ecosystem, I'd have chosen Apple. Google is becoming less and less appealing with every new decision they announce.
> In that case, they don't want things happening before they have tested any proposed changes.
True, but let me continue that sentence: ... and as they have too little time for testing, they tend to resist all change.
There are a few very capable IT organisations that have a systematic approach to change. It would be a sensible thing to give them the necessary tools to manage change. One such tool is to delay browser updates.
But there are many more incompetent IT organisations that are overwhelmed and will keep the same browser version for 10 years if you let them.
I'm just making an observation. I don't know what the best solution is.
The time isn't an issue at that level. They have specific tests for various situations and the time it takes, it takes. I've seen banks spend upwards of 6 months testing before instituting software changes to trader/production systems.
As for capable IT departments, on the large corporate scale, they fairly bulge with competent people. Obviously not everyone's a star, but they don't suffer idiots to live.
I don't upgrade anything until it's been on the street for a time. I let other people play canary.
This is why my company won't allow Chrome on their workstations - it's a security risk. As far as I'm concerned installing Chrome on your system is installing a backdoor for Google. You don't know what that next version is going to bring, what bugs and vulnerabilities it will contain. All installed for you automatically! No thanks.
I think what Google tries to do is to prevent sysadmins from doing with Chrome what they did with IE in the past. The average sysadmin loves to freeze things because that reduces the number of variables that matter for troubleshooting.