Silent patching works, but at what cost?
by maxim
about 1 year ago

Over on the StopBadware blog, I just posted my thoughts on Google Chrome’s silent patching behavior:

While the technical mechanism in question sounds like an effective and efficient way to update browsers, the lack of user control inherent in Chrome’s system is concerning. There is no clear notice during installation or operation of the software that it will be updating itself automatically. (I didn’t read the entire EULA, but then, neither will most users.) There is also no obvious place in the program’s options screen for disabling this feature, in case you want to test using different builds or have some particular objection to auto updates or a particular change in a newer version.

You can read the entire entry over on the blog. What do you think? Post your thoughts below.

by Kaleh
about 1 year ago

I think, based upon your observations, that Google should be called to task and offer appropriate information and options. Perhaps those who feel strongly about this will provide that feedback directly to Google in addition to the discussion here.

Suggest a Feature for Google Chrome >>> current suggestions
http://www.google.com/support/chrome/bin/static.py?page=suggestions.cs

Google Chrome Help Forum >>> place to post new suggestions
http://www.google.com/support/forum/p/Chrome?hl=en

by Cometcom1
about 1 year ago

Many companies are using this method of adding a patching program. But mostly these small “helpers” will tell you when they’re ready to patch.

To mention a few: Flash patcher, Acrobat Reader, Sun Java.

Personally I always disable all these patchers, they tend to clog the system startup and since I’m technically inclined anyway, I usually take the time to do the version checking myself.

The Google updater, however, is behaving a little differently, in two ways actually.

First of all, it updates when there is a real update to the browser – silently without notice. – That’s good for as long as no one hijacks the traffic and makes it update with fake software.

Secondly, if you ever uninstall all your Google products, the updater stays active in startup. – At least that’s what I’ve noticed on all my installations. – Now that is bad behavior in my book.

The dangerous part is that some might trust Google enough to allow this, but what happens when the next worm hides as the Google updater? – No one would think Google did anything bad …

My bet is on the way Mozilla Firefox does the patching. – Report when there’s a patch available, and allow the user to perform the patch. – The nagging alone should eventually get the users updated.

by Christian
about 1 year ago

If the silent patching were limited to surgical security updates, I would be all for it. However, it seems this is not the case with Chrome. Functional updates are pushed as well, and eventually functionality that people rely on will break (potentially losing faith in the update mechanism). We have seen how people react to automatic updates of functionality when IE7 (and now IE8) was pushed via the automatic update mechanism…

Were the silent patching limited to surgical security updates, I think having them turned on by default would be an effective mechanism to keep the systems secure. However, the possibility to somehow disable this mechanism (it can be obscure and difficult) should be provided to give users control of their system and resources. I doubt the ability to disable the patching mechanism would seriously affect the security of the overall browser ecosystem (as demonstrated by Firefox). Most people will have it turned on; as a result, a majority of browsers will be quickly patched, effectively deterring attackers from going after browsers with this update mechanism.

Christian
