Mozilla is changing the way Firefox installs on computers in an apparent concession to enterprise users it previously ruled were irrelevant. Future versions of the open-source browser will download and install silently on your machine, saving you the bother of downloading and authorising the update. It is hoped switching to …
Get around UAC? Kind of missing the point here
'The Firefox team is testing a "Windows service approach" to get around the UAC issue; the service would install an optional component that would automate the update install without giving the UAC prompts, Bondy said.'
Chrome gets around this by running with user privileges in the user folder. What Mozilla are suggesting seems to punch a hole right through a rather important security layer. One small coding bug now makes the entire Windows platform vulnerable to malware, all to prevent a pop-up every 6 weeks.
Something tells me that this would NOT be the preferred solution for Enterprise. The preferred solution for Enterprise would be a pre-packaged MSI update that they could control the deployment of.
Isn't Google punching a hole through security already? AppData is not the intended location for application executables.
Not punching through, working around
Chrome is running as a user and is only installed in the user folder using user rights. This is the decision they made to allow for rapid updates. Sure, it breaks standards a little but it keeps the security layer intact.
Chrome does offer an Enterprise installer that installs to the Program Files folder but sticks with UAC for updates.
"Sure, it breaks standards a little" - yes, well, MS could have said that about their Java implementation and IE up until recently!
is silently updating going to help corporates test the update centrally, before allowing it to be installed on the network?
And I agree, Barry, punching a big security hole in the middle of the OS, to get around UAC is just damned foolishness!
Rewriting it to work with WSUS or something similar, so that it can be pushed out to computers, once tested, would be a much better idea!
Windows update does it like that
The best solution would be MS allowing hooks into Windows Update for 3rd party programs; it's something they really should have got round to by Vista's release.
Barring that, if Mozilla do it like Windows Update does (which also uses a service), arguably it's the correct approach. And if they have a group policy that allows you to push out Firefox updates when you want to from a local server of your choosing, even better (it's like WSUS and enterprises like WSUS).
"Something tells me that this would NOT be the preferred solution for Enterprise."
Well, in all fairness it wasn't that long ago when some Mozilla employee stated that "the company wasn't concerned with Enterprise customers and probably never would be" (seen in a previous article on El Reg).
So in that context changes like these make sense... sort of... Personally I think Firefox is really going downhill these days.
Maybe this shows limitations in the Windows way of storing data. Effectively saying that AppData is the only place a user can write, and should not be used for executables is saying that ordinary, non-privileged users should not be using programs other than what is deployed system wide.
In an older multi-user model (I'm sure you can guess the one I'm talking about), one of the normal conventions is a bin directory under a user's home directory. User written scripts, locally compiled software and trusted executables from other sources can live there. Add it to the path, and users can then effectively extend the OS to do what they want, rather than being limited by what the system provides. And in a homogeneous networked computing environment, this scales to network computing as well!
Windows has no such convention. Shame MS could not learn from history.
Working around = punching through
UAC is there for a reason - to alert the user to programs that require elevated and potentially dangerous permissions, such as installing new programs. While it may be that Google (and Firefox) think they're doing this for good reasons, the reality is that if they subvert the UAC mechanism they are undermining the reason it is there in the first place.
It's also not hard to envisage the dangers of having multiple stealth updaters floating around in the background. While one would hope that Google / Firefox have the sense to verify signatures and other precautions, that doesn't mean their implementation is bug free. I can imagine the fun and games that would happen if someone managed to DNS poison their update sites and use an exploit to install trojans through these backdoors.
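As an added example that is not from the thread, nor Mozilla's or Google's code, here is the kind of check an elevated update service should run before it executes a downloaded package, in PowerShell; the function name, the package path and the pinned thumbprint are assumptions.

```powershell
# Added example: verify an update package before an elevated service installs it.
# Path, thumbprint and function name are placeholders, not any vendor's real code.
function Test-UpdatePackage {
    param(
        [Parameter(Mandatory)] [string]$PackagePath,
        [Parameter(Mandatory)] [string]$ExpectedThumbprint   # publisher's code-signing cert (placeholder)
    )
    $resolved = (Resolve-Path -LiteralPath $PackagePath).Path

    # 1. The file must not be writable by ordinary users, otherwise it can be
    #    swapped between this check and execution (a classic TOCTOU hole).
    $lowPriv = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
    $writeBits = [System.Security.AccessControl.FileSystemRights]::Write
    $userWritable = (Get-Acl -LiteralPath $resolved).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPriv -contains $_.IdentityReference.Value -and
        (($_.FileSystemRights -band $writeBits) -ne 0)
    }
    if ($userWritable) {
        return [pscustomobject]@{ Ok = $false; Reason = 'package is writable by unprivileged users' }
    }

    # 2. Authenticode signature must be intact and chain to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $resolved
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Ok = $false; Reason = "signature status: $($sig.Status)" }
    }

    # 3. A valid signature from *any* publisher is not enough; pin the expected one,
    #    so a package signed with some other trusted certificate is still refused.
    if ($sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
        return [pscustomobject]@{ Ok = $false; Reason = "unexpected signer: $($sig.SignerCertificate.Subject)" }
    }

    [pscustomobject]@{ Ok = $true; Reason = 'signed by the pinned publisher' }
}

# Usage with placeholder values; only on Ok = $true would the service run the installer.
$result = Test-UpdatePackage -PackagePath 'C:\ProgramData\ExampleUpdater\update.exe' `
                             -ExpectedThumbprint 'PLACEHOLDER_THUMBPRINT'
if (-not $result.Ok) { Write-Error "refusing to install: $($result.Reason)"; exit 1 }
```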
Actually, this convention is nowhere near universal in the UNIX (and UNIX-like) world. MANY of us recognize that allowing users to install executables is a risk. Many of us mount /home with noexec to combat this.
Users should NOT install apps. Shame some self-declared admins couldn't learn from history.
Appdata not the right place?
Actually, as of Windows 7, the correct location for per-user applications that don't require elevation is a Programs subdirectory under AppData. Windows Installer was even modified to offer an auto-mapping of "Program Files" for per-user installations that would write to this location.
It has been a convention since UNIX made it outside of Bell Labs, which I can testify to since 1978 when I first used UNIX version/edition 6.
I agree that this does not suit all organisations or even all users in the same organisation, and the flexibility of UNIX allows this *convention* to be controlled where it is necessary. That does not alter the convention, merely the implementation.
Your statement that "Users should NOT install apps" is as blunt as me saying that they should. Neither can completely cover all situations. I also wonder whether you differentiate between locally written tools, and applications from external organisations, and also whether you also differentiate between compiled code and such things as shell scripts or other interpreted code (which actually can be run as long as you can run the interpreter, even if the noexec flag is set!). Do you also prevent shell access or disable aliases and functions?
Where I currently work, if the users were not allowed to compile and execute code, they could not work. But that is because our users are scientists who are working on creating computing models. There is no one-size-fits-all model for all organisations.
I'm not sure if that statement about 'self-declared admins' was aimed at me. If I am not a UNIX system admin (30 years looking after UNIX systems from many vendors in lots of industries, including writing some of the security standards and many operational procedures at some organisations), then I don't know what I am, or what a UNIX sysadmin should look like.
Believe me, I have been involved in enough hardened UNIX installations to know exactly what you are saying, and the convention stands.
What about those users without broadband???
Oh bloody brilliant. So when I am tethered to my mobile in China/Thailand/Korea, where my data costs $15 a megabyte, Firefox will 'silently' push an update at me? Pretty stupid, guys...
That's gonna happen...
Yeah right. When you're in a country with $15 / MB data charges, there's no way you're even letting your phone synchronise without keeping an eye on it, let alone your tethered laptop.
At that price
I suggest you don't tether at all.
Perhaps it's me but...
In an enterprise situation, wouldn't it be the enterprise that wants to control how the updates are dealt out, and the last thing they want is a program silently installing its own updates without a veto from the IT dept.
Yep. And I don't see anything about being able to point local FF installations to an alternate server hosted within the organization-- now that would be nice but, of course, FF doesn't have Group Policy tools for stuff like that. Fortunately *nix orgs can change repo lists, but, as usual, Win users are SOL.
Yes, I know there are third-party tools for FF. If your org lets you use whatever you want, fantastic. Unfortunately a LOT of orgs require a painful approval process (or refuse to approve other software) which makes using them unlikely or flat out impossible.
Not silently installing updates like some kind of malware was one of the reasons I've stuck with FF and not tried Chrome. Are they trying to decrease their market share and push users like me to Opera?
"Are they trying to decrease their market share and push users like me to Opera?"
YEP! They pushed me to Opera, once they started putting out "updates" to FireKitty weekly.
FF8 now? Expect to see FF 275 by years end, at the rate they're going. Really brilliant...NOT!
Re: No thanks
I thoroughly agree. The FF 6.0.0 update contained a bug that caused me huge problems, so I'd be much happier if I can delay updating for a few days so early adopters can root out any major issues that were missed in beta.
I'm sticking with FF3, unless and until I have a compelling reason to switch to a different browser. As far as I'm concerned, Mozilla jumped the shark with FF4, and this is just one more reason to never upgrade.
Mozilla release policy causing many problems
I have my XP users logged in as Restricted so they can't install software (which has helped against malware). Auto updating has to be manually disabled, else it blindly downloads the update, then can't install.
Releasing new versions of Firefox & Thunderbird with random version numbers is regularly breaking essential plugins that would otherwise work if the old major.minor numbering scheme had been adhered to. Causing me & my customers unnecessary grief.
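As an added example, not from the thread or from Mozilla, here is how the manual "disable auto updating" step described above can be applied to a managed install with PowerShell, using Firefox's locked-preference files (local-settings.js plus mozilla.cfg); the install path and the internal update URL are assumptions.

```powershell
# Added example: lock Firefox's update preferences on a managed Windows install
# so the browser neither checks for nor downloads updates on its own.
# The install directory and the internal update server URL are assumed values.
param(
    [string]$FirefoxDir = 'C:\Program Files\Mozilla Firefox',           # assumed install path
    [string]$InternalUpdateUrl = 'https://updates.example.internal/update.xml'  # placeholder
)

# local-settings.js tells Firefox to read mozilla.cfg as plain text (obscure_value 0).
$localSettings = @'
pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");
'@

# mozilla.cfg must begin with a comment line. lockPref() pins each value and
# greys it out in about:config, so users cannot re-enable background updates.
$mozillaCfg = @"
// Managed Firefox update policy (example)
lockPref("app.update.enabled", false);              // no update checks from the client
lockPref("app.update.auto", false);                 // never download/install without asking
lockPref("app.update.url", "$InternalUpdateUrl");   // if checks are ever re-enabled, only talk to the internal server
"@

$prefDir = Join-Path $FirefoxDir 'defaults\pref'
if (-not (Test-Path -LiteralPath $prefDir)) { throw "Firefox prefs directory not found: $prefDir" }
Set-Content -LiteralPath (Join-Path $prefDir 'local-settings.js') -Value $localSettings -Encoding ASCII
Set-Content -LiteralPath (Join-Path $FirefoxDir 'mozilla.cfg') -Value $mozillaCfg -Encoding ASCII

# Both files live under Program Files, which only administrators can write to;
# a user-writable copy could otherwise be edited to point at any server at all.
Get-Acl -LiteralPath (Join-Path $FirefoxDir 'mozilla.cfg') | Select-Object -ExpandProperty AccessToString
```

Updates are then pushed with whatever deployment tool the organisation already uses, which is the control the poster is asking for.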
Baker said that Mozilla "erred on the side of caution".
No, Mozilla didn't err at all. Users err on the side of "What the fuck is that annoying dialogue box doing. Oh fuck, I'll just click it to make it go away. Why do these software companies insist on making me think about important things when all I want to do is update my status on Arsebook?"
"Firefox, version 8, which is expected in early 2012"
Uhh, someone forgot all about the rapid release cycle.
Release date is expected to be November 8th for Firefox 8:
Firefox 9 is expected in December, and Firefox 10 in January 2012.
Would it be THAT difficult...
...to bung a service together that runs locally on an enterprise's server(s) and allows them to distribute approved updates? That way, they'd only download once (so nice and bandwidth-friendly), they could be tested for compatibility and then released to the users.
Getting round UAC prompts
They could do what Google does... and have the installation completely in the user's User folder.
Like portable FireFox you mean?
Silent update - MEH!
My firewall will still detect that the program has changed and will ask if I want to give it access to the interwebs...
FAIL, I'll still be asked
FAIL, what if I'm using <insert name of browser> but I don't have internet access, support will still have to push the update to users
Zonealarm pop ups
Well, actually I too thought that would be problematic as every time Firefox updates I get the pop up warning from Zonealarm warning me that the program has been changed.
However... this does not happen on Nightly 10, which updates by itself with no pop ups either from Windows UAC or from Zonealarm.
So I think they may have solved it...
This has nothing to do with enterprise or not.
Users can not be trusted to update their machines themselves, so the machine must do it for them. This applies to the O/S and all the apps, I'm looking at you Adobe/Oracle - do I really need to be told Yet Another Version is out ? Just do it !
This way lies anarchy. Just imagine if a virus writer found a way to hijack the deployment process. Instant huge botnet. Just as you cannot trust users, you also cannot trust automatic update processes. Even it they are signed by security certificate.
Ever had an update break all your Add-ons? Guess not huh?
But what about plug-ins?
All this seems to ignore the fact that unlike chrome or IE, plugins built against one version of firefox don't work in the next. At least the current cumbersome method of updating FF gives the user to stick with the version that actually supports their plug-ins
"At least the current cumbersome method of updating FF gives the user to stick with the version that actually supports their plug-ins"
That's as may be, but Mozilla stop issuing security updates for old versions of FF with undue haste. So by sticking to a version that supports your plugins you could end up with a browser full of holes. A rock and a hard place?
You missed the bit where this is now fixed, as FF checks plugins for if they touch changed code, and if they don't, allows them to run.
So here I sit fat, dumb and happy running 3.6.23. Yeah yeah ,,,, I know. BFD DILLIGAFF?
The right solution would be to not auto-upgrade if any installed addons will be broken by the upgrade.
How you then get users to update their addons without a dialogue box... I don't know.
I am assuming they will give you the choice to be either automatic or notify only. I downloaded 7 the day it came out, only to find out it broke noscript and adblock. I ended up rolling back to 6.02, waiting a few days, and then trying again. Certain addons are a requirement, and if they break, I will not update.
By "broke noscript" did you have the same experience as me on upgrading to 7... namely Firefox just decided to delete the entire addon, not simply disabling it, just deleted it entirely, without even telling me too!
I'm not impressed with Mozilla's dumb number game
It's seriously, intensely irritating.
They're more needing to fix their sync issues -- hasn't been working at all for quite a few days now (the last time it ate everything -- bookmarks, the lot then returned them all fucked up and broken). And THIS message if you try to delete your sync account (which you currently can't):
"Oh dear. Looks like one of the dinosaurs escaped again. We keep them away from the data, so that should be safe. Please try again later when we've wrestled him back onto the treadmill."
Seriously. What do they think they are playing at?
And they think they will be taken seriously in an enterprise environment with messages like that?
Happy enough for auto-updates to be an option,
but I don't want to have to install them. I like to control what goes on my PC.
Faster startup sounds nice, though.
well well well...
I guess i'll keep the 3.6 for quite some time...
They're still not taking the enterprise seriously. How many corporate users do they suppose have admin rights at all? Many don't. If they want to give FF a chance in the enterprise then they need to come up with a corporate admin tool for the browser so that administrators can manage the installation of and upgrades to Firefox.
How about some sort of plugin for SCCM?
WSUS'd be handy...
What is the definition of a program that :
installs itself as a "cron/scheduled" task
installs itself as a service
installs itself as a startup program
re-installs itself in those locations each time it is started
downloads stuff silently from the internet
sends stuff silently to central servers?????
For me that was the very definition of malware, and that is exactly what Chrome does. And the fact that the installer is "open sourced" is a big lie, since I don't control what is really bundled with the Chrome installer.
And now Mozilla want to do the same thing ?
As for prefetching, it is again a very bad decision that means longer boot and startup times (loading potentially never-used DLLs), more memory consumed, more cache misses; it is dumb and I go all the way to remove each of such pre-fetch / fast load programs (Adobe, Office, OpenOffice, and so on and so on).
And as mentioned above by others, I don't want downloads to happen "silently"; sometimes I am on a bad link, a costly one or whatever, and as far as I know Mozilla, Google et al don't PAY my net BILLS.
At some point I just want to say "HEY GUYS YOU DON'T OWN MY COMPUTER !!!!"
And playing copycat is always a losing game; the Chrome interface is a fail and forcing it down the throats of users in FF6 infuriated me to no end....
I still like the browser and its add-on mentality, but Mozilla has lost touch with reality.
Chrome isn't open source, Chromium is. For that you do have access to the source code; for Chrome you do not.
It's becoming a pain in the arse with the frequent updates. I'd rather have a slower cycle with properly-tested new features and bugfixes, with the occasional security fix if they do screw up.
How about a silent-install package, either a self-extracting exe or a good ol' msi file, that could be distributed by my patch management server?
If they did that instead, I could endorse firefox on my network.
Every six weeks is lame
IE is updated every month.
Am I trolling? I don't know. You decide.