Security experts: Firefox's stealth update a security risk


Post by Antony » Wed 23 Nov, 2011 4:58 am

According to Business Computing World, many IT security experts are concerned that Firefox's proposed stealth (Mozilla dubbed it “silent”) background updates pose a big security risk.

Currently, when Firefox detects an available update, it lets users know, and if users do not change the default setting or agree to install it, the browser launches its updater program. The program then downloads the update, applies it to Firefox, and restarts the browser. To give Mozilla more control over forcing users to use the ‘latest’ version of Firefox, Mozilla came out with a stealth method: just download the new version in the background without informing users, and upon the next relaunch of Firefox, the old Firefox will be swapped out with the new one.

"While many IT security systems will have to be reconfigured to allow background updates to Firefox--which is not a good thing in the first place--there is danger that hackers could subvert the update system to allow them back-door access to the users’ computer," according to Philip Lieberman.
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:8.0.1) Gecko/20100101 Firefox/8.0.1

Re: Security experts: Firefox's stealth update a security ri

Post by Fulvio » Wed 23 Nov, 2011 12:54 pm

But is this not the way Google Chrome used to be? I finally figured out its settings, but its unasked-for updates got me to remove it for a while.
In all fairness, Mozilla should clearly inform the users of its habit of updating, if settings are at default.
But, who would read such information?
UserAgent: Mozilla/5.0 (Windows NT 5.1; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
A minority may be right, and a majority is always wrong
~ Henrik Ibsen
WinXP, SP3, 512 MB, SM2.17.1, FF21, TB17.O.5, IE8.0, Google Chrome 26, Ghostwall , Kingsoft5.6, JRE1.7_21.

Re: Security experts: Firefox's stealth update a security ri

Post by Edward » Wed 23 Nov, 2011 6:23 pm

Chrome does it the same way. At least in Windows, it checks for an update after it's launched and installs it in the background, when one is available.

Mozilla has been doing this for a while now with Firefox, SeaMonkey and Thunderbird.

The only time Chromium (as Chrome is known in the Linux world) does not do this automatically is when it is installed as part of a distribution. It will only update once the distro releases an updated package for it.

And Microsoft does it the same way too, with Windows updates.
UserAgent: Mozilla/5.0 (X11; Linux i686; rv:9.0) Gecko/20111119 Firefox/9.0 SeaMonkey/2.6
SillyDog701 Moderator
debian - SeaMonkey - Sylpheed - Opera

Re: Security experts: Firefox's stealth update a security ri

Post by Fulvio » Wed 23 Nov, 2011 6:42 pm

"And Microsoft does it the same way too, with Windows updates."

Not quite, unless you select Automatic Updates. Even that has not worked for me. As for Mozillas, indeed, if you were not going to change the default settings, it would install. So, assuming that a person is clueless, or prefers Automatic Updates, Mozillas and Windows Updates are the same. As for Google Chrome, I thought that I had it tamed, but I was mistaken. I do not settings to be changed, and, a short time ago, it looked for updates, and tried to install whatever was there. Then it quit, and went back looking for updates. For the longest time (at least 15 min) Chrome did not allow me to do a thing, nor to load SeaMonkey. I think that it is a bye-bye to Google Chrome.
UserAgent: Mozilla/5.0 (Windows NT 5.1; rv:8.0.1) Gecko/20111121 Firefox/8.0.1 SeaMonkey/2.5

Re: Security experts: Firefox's stealth update a security ri

Post by Edward » Wed 23 Nov, 2011 6:51 pm

We had that option with Windows XP, but from what I have seen with Vista (32-bit), it downloads most updates automatically and installs them in the background, at least, that is what it does on my system.

On a few rare occasions though, it will display that an update is available and I had to manually select whether or not to update that particular piece of software.
UserAgent: Mozilla/5.0 (X11; Linux i686; rv:9.0) Gecko/20111119 Firefox/9.0 SeaMonkey/2.6

Re: Security experts: Firefox's stealth update a security ri

Post by Fulvio » Thu 01 Dec, 2011 7:25 pm

If not a security risk, it can be a nuisance. And, I can, partially, understand the complaints from many people.
But, there are no updates, unless they are approved.
I will give an example. I have liked 3.6.x, and I am hanging on to it, as long as it is supported. However, Mozilla Firefox is two-faced about this. If I look at Tools|About Firefox, it will tell me that 8.01 is the newest Firefox, and if I do not pay attention to what Mozilla Firefox is trying to sneak past me, it will replace 3.6.24 with 8.01.
I had, completely, forgotten that I was in 3.6.24, and I get this software update notice. Very interesting, because when in 8.0, I am told that it is up-to-date, so, I thought Mozilla Firefox wanted me to update it to 8.01, but not now. Instead 8.01 installs on top of 3.6.24. You can guess what I did. I uninstalled 8.01, and reinstalled 3.6.24.
As for 8.0, which I am using now, it is still up-to-date. Nuisance!
UserAgent: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0

Re: Security experts: Firefox's stealth update a security ri

Post by Edward » Thu 01 Dec, 2011 7:30 pm

I've since changed all of the preferences in both SeaMonkey and Firefox to prompt when updates are available.

Debian provides updates for iceape, iceweasel and icedove when warranted and I update using the Update Manager in Linux.
UserAgent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.9.1.16) Gecko/20111108 Iceweasel/3.5.16 (like Firefox/3.5.16)

