Firefox's (semi) forced updating policy?


Post by Hendikins » Sun 25 Feb, 2007 7:36 am

I have two words to describe the automatic update configuration in Firefox:

"Sensible Defaults"

Given Firefox is intended for use by both technical and non-technical users, the default behaviour is both sensible for the non-technical users (most of whom wouldn't even know what a software update is, let alone why they are important or how to apply one), and easily configured by the more technical users if they wish to do so.

From a user support standpoint this is generally a good thing as it means the vast majority of users will get security fixes in a timely manner.

Even though it is a non-issue to me (I compile my own builds of browsers, and as a result don't use the update system), I really don't see the cause for complaint.
UserAgent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2pre) Gecko/20070222 SeaMonkey/1.1.1
Michael Hendy
Mozilla PluginDoc - http://plugindoc.mozdev.org/
Hendikins - The Lurking Wolfox

Post by Don_HH2K » Sun 25 Feb, 2007 10:39 am

Antony wrote: Let's say this is not version updating, but something else. Would you be happy if you were only told after something new or would be changed would apply automatically when you re-launch the software next time?


Depends; what is "something else"?
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.2 x64; en-US; rv:1.8.1.1) Gecko/20070218 BonEcho/2.0.0.1 (mmoy CE K8N-X02)
Laptop: HP Compaq nx6325 - Turion 64 X2 @ 2GHz, 2GB DDR2, 100GB HD, ATI Radeon X300, 15" LCD, Seven Pro
Handheld: Palm Treo 650 - Intel PXA270 @ 312MHz, 10MB RAM, 32MB flash, 2.7" LCD, Palm OS 5.4

Post by Antony » Sun 25 Feb, 2007 7:43 pm

A quick notice from replies here. Those who would rush to get the latest update/patch support Firefox's semi-forced manner of trying to make everybody use the latest version of software.

Don_HH2K wrote:
Antony wrote: Let's say this is not version updating, but something else. Would you be happy if you were only told after something new or would be changed would apply automatically when you re-launch the software next time?

Depends; what is "something else"?

Such as a few behaviours being changed or disabled.
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2

Post by Don_HH2K » Sun 25 Feb, 2007 8:27 pm

No, I wouldn't like that, but the problem with that argument is that you've changed the situation. The Firefox version hop from 2.0.0.1 to 2.0.0.2 doesn't change or disable any features.

As Hendikins mentioned, "sensible defaults" is a good way to term what Firefox is doing. Some people who don't have a clear understanding of how Firefox works might think that, if they make the update, their profile data could potentially become corrupted or erased or so, and thus would just keep cancelling the update process. So adding the extra force is more of a security feature than a "dirty tactic", as you've labeled it.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.2 x64; en-US; rv:1.8.1.1) Gecko/20070218 BonEcho/2.0.0.1 (mmoy CE K8N-X02)

Post by Antony » Tue 27 Feb, 2007 8:12 am

Because you believe the latest is the best, and you would get the latest version of whatsoever anyway, you don't see that an application secretly downloading software and then only informing you that it will install itself the next time you relaunch the app is an issue.

However, if that's to disable a certain feature you use often, you would not be happy.

Firefox shows absolutely no respect to users.
Latest is not necessarily the best.
Not every Firefox user must live with the latest of whatsoever.

Image

Perhaps one day some smart hackers will target the Mozilla Update server, and if users were unknowingly (because of the default setting) to install updates comprised of code conducting illegal activities, Mozilla should be blamed for such a dirty tactic of forcing users to update software.
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3

Post by Don_HH2K » Tue 27 Feb, 2007 8:40 am

I'd like to show the list of security patches in Firefox 2.0.0.2.

MFSA 2007-08 onUnload + document.write() memory corruption
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)


Two of these are rated "Critical", one "High", three "Moderate", and one "Low". So if you don't update from 2.0.0.1 to 2.0.0.2, you're open to eight security holes.

Let's say you stuck with Firefox 2.0 (Gold), that'd be another eight holes that were fixed in Firefox 2.0.0.1. Five of them are rated as "Critical". So if you want to stick with sixteen open holes, seven of which are marked as "Critical", be my guest.

As was mentioned before, we could have avoided some nasty worms like Slammer if people had decided to apply a security fix that had been released six months before.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.2) Gecko/20070225 BonEcho/2.0.0.2 (tete009 G7 SSE2)

Post by Antony » Tue 27 Feb, 2007 9:11 am

Please do not change the topic. We are on the topic of the unethical dirty tactic Mozilla implemented in order to force users to update, knowing that a number of users do not change the default settings.

If getting the latest update (and rushing for it) is such a great thing, why can't Firefox inform the users first (and request permission)? Instead, they must use such a dirty tactic, and users are only informed after the update has been stealthily downloaded and users are forced to install it.

Image

If Microsoft updates Internet Explorer in such a manner, I am sure I will hear a different response here.
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3

Post by Mandrake » Tue 27 Feb, 2007 10:19 am

Microsoft does update IE the same way. After automatic updating is turned on, the default setting is to automatically download and install updates.

I agree with Hendikins. The update defaults in Firefox are sensible. It ensures that end users have the latest version and are protected from the latest security flaws.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Core i7 920 | ASUS P6T Deluxe v2 | 3TB+ HDD | 12GB Corsair DDR3 | Radeon 4890 Xfire | X-Fi Titanium Fatal1ty | Logitech Z-5500 Speakers | Dell 3008WFP | Seven RC1

Post by Don_HH2K » Tue 27 Feb, 2007 10:34 am

Antony wrote: Please do not change the topic. We are on the topic of the unethical dirty tactic Mozilla implemented in order to force users to update, knowing that a number of users do not change the default settings.


I'm not changing the topic. I'm showing you why updates are a necessary thing.

Antony wrote: If getting the latest update (and rushing for it) is such a great thing, why can't Firefox inform the users first (and request permission)? Instead, they must use such a dirty tactic, and users are only informed after the update has been stealthily downloaded and users are forced to install it.


I've noticed that, unless developers shove updates down their users' throats, software often just doesn't get updated. For example (though keep in mind this was back before MS killed off updates for Windows 98), most remaining 98 users hadn't ever run Windows Update and had forsaken a number of open security holes and continued using vulnerable copies of IE5.0.

Antony wrote: If Microsoft updates Internet Explorer in such a manner, I am sure I will hear a different response here.


They do. Internet Explorer 7 is listed as a "Critical Update" that automatically gets downloaded by Automatic Updates.

EDIT - it looks like Mandrake beat me to posting about IE. I guess that's what happens when you start a post at the beginning of class and end it at the end of class. :wink:
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.2) Gecko/20070225 BonEcho/2.0.0.2 (tete009 G7 SSE2)

Post by Antony » Tue 27 Feb, 2007 9:04 pm

Asa Dotzler, an employee of Mozilla Corp., commented on this matter.

Asa Dotzler wrote: Mozilla only forces the update for critical security fixes. If you don't like that, you can turn it off in the preferences. Running a browser without the latest security fixes, however, is extremely foolish.
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2

Post by profman » Wed 28 Feb, 2007 1:15 am

I agree with Antony that automatic updates are a disagreeable option (the words "dirty tactic" are, perhaps, an unusual phrase to express this sentiment). It seems to me that the computer expertise of the user may be the largest factor in this debate about automatic updates of software. Clueless people, of which there are many, probably need to be forced to update their software whereas experienced computer people generally are capable of making their own decisions about such matters.

I disable almost all automatic updates on my home computer systems. I then manually run update programs and make decisions about what updates to apply. I was not particularly happy when Firefox 2 announced its applied update on one of my computers. On the other hand, I understand the logic in this. I will probably change Firefox 2's behavior on any other systems that I install it on so that updates are not automatically applied.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
profman, the mad chemist
Moderator of SillyDog Forums
User of Thunderbird 2.0.0.x & Firefox 3.x

Post by geffr » Wed 28 Feb, 2007 3:39 am

FYI, my earlier post about forced updates in 1.5 was incorrect. I had the feature turned off on one of my machines. I discovered tonight on my other machine which didn't have the feature turned off that I had no choice on the update.

I have mixed feelings about this. I read the earlier post where Moz says they're only doing forced updates for security releases. This probably is best for average non-tech users. I will intentionally disable it on my 2nd machine; I do prefer personally to have a choice.
UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10

Post by Fulvio » Wed 28 Feb, 2007 11:53 am

Geffr,
I always had the feature turned off, or, like I have it in 1.5.0.10, set to ask me what to do.
I had uninstalled 1.5.0.8, and when I reinstalled it, I found out that the preference had changed, so I ended up with 1.5.0.9. The incremental update was downloaded at an inopportune time. So, now, I cannot assume, anymore, that using the same profile will give me the same preferences. It is no big deal, but I did not like the timing, nor the fact that I had no choice to do it later. No, it was not a "dirty tactic", just boneheaded. They could do things in a better way.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
A minority may be right, and a majority is always wrong
~ Henrik Ibsen
WinXP, SP3, 512 MB, FF10, SM2.7, TB10, IE8.0, PC Tools Firewall , Avast 6.x, JRE1.7_02

Post by Antony » Sun 11 Mar, 2007 11:20 am

I saw this Adobe software update notifier, and I was too excited. Why? Adobe does the right thing!

Image

Informing users that there are updates available, and asking the user if he or she wants to start the download.

Well done Adobe!


Unlike the shameful Firefox, which must resort to such a dirty tactic by setting the default Preferences to download updates stealthily, and only informing users that updates have been downloaded and will be installed upon the next relaunch of the application.

Yes, even after two weeks, I am still unhappy with the ploy Firefox employed to force users to update software.

Please note, I do not say security updates are not important; however, I don't see the need to rush for the latest of whatsoever release, and certainly can't understand the need to force me (and a number of users who do not check default Preferences settings) to rush for the latest.
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2

Post by Fulvio » Sun 11 Mar, 2007 12:35 pm

Antony,
these are not dirty tactics. They are bone-headed. I am not going to allow any updates, unless I know what they are, but what about the plan, which was, hopefully, scrapped, of the newer Firefox and Thunderbird, of making themselves default?
If I uncheck the box, it becomes greyed out. That's downright stupid.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10
