Mozilla seems to be following the lead of Google and Microsoft with its inclusion of a silent auto-updater in Firefox...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
13. Adobe also included the feature in Flash 11.2. Will silent auto-updaters benefit user security on the whole, or will they cause application-compatibility issues?
Ask a question
SearchSecurity.com expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email at email@example.com.
Silent auto-updaters install the most recent patch or version onto an installed browser or software product without first obtaining permission from the user or administrator. The main reason software vendors are moving toward silent updating is to ensure better threat protection when users are surfing the Web. Silent updates can prevent attacks that target outdated Web browsers and popular Web software programs, greatly reducing the number of PCs that are infected by malware.
Even the perception of silent updates being invasive is changing to these updates being convenient for users. Wider deployment of the most up-to-date software also benefits businesses, giving developers the ability to leverage features that deliver richer and more engaging Web services.
Unforeseen application-compatibility issues when a browser or software version has been silently updated is also far less of a problem nowadays. For example, DLL Hell, a situation in which one application would install a newer version of an existing DLL with unanticipated functionality changes, has been essentially eradicated in recent versions of Windows because Windows File Protection protects system DLLs from being updated or deleted by unauthorized programs.
However, application compatibility problems may occur when silent updates are imposed upon legacy or aging infrastructures that are running outdated and officially unsupported operating systems and applications. In such cases, network administrators need to weigh the risks of delaying updates against the risk of the updates adversely affecting software or systems. Fortunately, administrators can still delay deployment until the update has been fully tested to ensure that it won't cause any application-compatibility issues. For Windows environments, administrators can use the IE8 and IE9 Automatic Update Blocker toolkits to manage the update process. Firefox can also be set to automatically download and install updates or check for updates but not install them without prior permission.
Because the user does not have to worry about updates and maintenance, meaning the system stays more secure at any time, enabling silent updates is a reasonable default for most Internet users. Because Google's Updater is open source, an increasing number of software vendors are likely to start incorporating silent updates into their programs.
Dig Deeper on Web Browser Security
Related Q&A from Michael Cobb
What is BGP hijacking or IP hijacking and how do cybercriminals pull off the attacks? Expert Michael Cobb explains how enterprises can mitigate these...continue reading
Is the Dell eDellRoot security threat a serious problem and, if so, can it be prevented with self-signed root certificate authorities? Expert Michael...continue reading
What does FIPS 140-2 Level 2 certification for devices cover? Expert Michael Cobb explains the FIPS 140-2 security standard and how vendors use it in...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.