Mozilla to start auto-updates for Firefox 4

Following in the footsteps of Google Chrome, Mozilla is planning to make updates for Firefox 4 behind-the-scenes. The feature is “on track” for the latest version of the browser.

Two betas have been released for Firefox 4 in the last 4 weeks with a 3rd update due next week. The ‘silent’ updates will only be available for Windows, said Mozilla. Most of the updates will be downloaded and installed automatically without prompting for user confirmation. This was confirmed by Alex Faaborg, a principle designer on Firefox 4.

"We'll only be using the major update dialog box for changes like [version] 4 to 4.5 or 5," Faaborg said in a late July message on the "mozilla.dev.apps.firefox" forum. "Unfortunately users will still see the updating progress bar on load, but this is an implementation issue as opposed to a [user interface] one; ideally the update could be applied in the background."

The final decision is still up to the user, you can decide whether you want to accept the auto-updates, or stay with the current setup. This is unlike Google Chrome that gives you no option for the auto updates. Chrome is the big player when it comes to auto-updates, it kicked off in September 2008, and still relies on the then controversial update method.

A May 2009 paper, co-authored by a Google engineer, argued that "any software vendor [should] seriously consider deploying silent updates, as this benefits both the vendor and the user, especially for widely used attack-exposed applications like Web browsers and browser plug-ins."

According to "Why Silent Updates Boost Security" (PDF), 97% of Chrome users were running the latest version of the browser within 21 days of the last update's release. In comparison, 85% of Firefox users were up-to-date in the same time frame, and 53% of Safari users.

Robert Strong the Mozilla engineer who has been writing the behind-the-scenes update service, defended the move toward a Chrome-like service. "There are people that don't like being notified of updates," Strong said, "There is 'no one size fits all' behavior for this that will please everyone."

Adobe is also jumping on the silent update train for it’s Reader and Acrobat software. The company has stated that it will not go fully-automated, saying it will incorporate some kind of user permission service.

Report a problem with article
Previous Story

Apple might announce a new iPod line-up in August

Next Story

Swiftpoint mouse shipping tomorrow, set to revolutionize market

72 Comments

Commenting is disabled on this article.

As long as it isn't monitored through background processes outside the browser itself (as with Chrome and Safari) I'm all for it.

If the authors of Firefox intend on forcing silent updates, then they had better be changing how their addons are handled. Because I'd be willing to bet that I'm not the only one who gets ticked off at the addons breaking for EVERY minor Firefox update. There is no excuse for that. I'm about ready to dump Firefox because of that.

TC17 said,
If the authors of Firefox intend on forcing silent updates, then they had better be changing how their addons are handled. Because I'd be willing to bet that I'm not the only one who gets ticked off at the addons breaking for EVERY minor Firefox update. There is no excuse for that. I'm about ready to dump Firefox because of that.

Read: You aren't force to.

"The final decision is still up to the user, you can decide whether you want to accept the auto-updates, or stay with the current setup"

There is no excuse for not reading either.

At first I held my nose, but then with more noobular people trying Firefox that brings an element of non-updaters into the mix, so I think this is a good thing overall.

In Firefox's case, it's good, as they don't really update very often, and when they do, it's only after extensive testing. It's bothersome and a great safeguard at the same time.

As long as I have the OPTION to turn it off/on or, to decline the update, I don't have a problem with it.
As with MS updates, I have the automatic version DISABLED, and check the update site 1-2 times a month. My computer, I should be able to push updates I want, not what MS thinks. Which is why I'm still in a holding off pattern on the iPhone. I don't care what Job's & Co. say, my phone, I'll update what I want, when I want, which is why I still own an unlocked HTC phone.

I hope that in those 'silent updates' could fix all the add-ons broken in Firefox 4. I want to got back using FF [currently using Chrome as default browser x.x]

I'm all for silent updates, but I wish they could all come through Windows Update. I don't like having extra processes or services running all the time just to get the latest update. Either put it through WU, or have the program do a quick check when it's launched.

Fish said,
I'm all for silent updates, but I wish they could all come through Windows Update. I don't like having extra processes or services running all the time just to get the latest update. Either put it through WU, or have the program do a quick check when it's launched.

No thanks! I don't want to see third party crap on Windows Update. Lets keep that for Microsoft's stuff.

This is a great idea. I support this 100%. I just hope that they 1) Backup your data first, and 2) Improve the Add on system so that they aren't always breaking with each update because that could really be annoying and confusing to users. Especially when the updates are silent. I know this is planned, but I haven't heard anything on it in a while...

Silent updates are cool -- that way when it breaks the user doesn't have a clue why whatever stopped working, let alone an opportunity to back up 1st. Of course from some developers' perspective that doesn't/won't happen, so no prob -- which is kinda silly since most updates are fixes. I wonder if it ever occurred to some of the "Why Silent Updates Boost Security" fans that people might be hesitant to install updates not because they're lazy, but because on occasion they break more than they fix?

mikiem said,
Silent updates are cool -- that way when it breaks the user doesn't have a clue why whatever stopped working, let alone an opportunity to back up 1st. Of course from some developers' perspective that doesn't/won't happen, so no prob -- which is kinda silly since most updates are fixes. I wonder if it ever occurred to some of the "Why Silent Updates Boost Security" fans that people might be hesitant to install updates not because they're lazy, but because on occasion they break more than they fix?

Well, I have always been an advocate of updaters performing a backup before installing any update. All of my software does that before anything is overwritten...

tuxplorer said,
That's incorrect. You can install Google Chrome from the standalone installer which doesn't install Google Update. If Google Update isn't installed, then it won't auto updated. Even if you install Chrome using the regular way, you can download a simple Group Policy template to block/disable Google Update. Or one can disable Google Update tasks scheduled in the Task Scheduler and disable its service to prevent auto update yet update manually from Chrome's About dialog.

Yes, but then you modify Windows behavior to not allow that service - not Chrome itself.

KavazovAngel said,
Okay for the average person, I guess. I don't use auto-update on any software besides Windows, however.

The other way around for me. M$' way of putting out updates is extremely annoying. But I might have to disable this one though, as I like having control over my machine.

If it were to work per-user then it'd be sticking a bunch of Firefox 4 in your user profile. Screw that.

Good, I hate having to check all the time even if it is ever few months still it would be nice just to have an auto update feature.

iAltair said,
silent updater isn't that safe in terms of security.

Like the article says - you can turn it off.

But I disagree - pushing security updates to users with an auto updater will obviously enhance security, not worsen.

Chris4 said,

But I disagree - pushing security updates to users with an auto updater will obviously enhance security, not worsen.

+1

I just wish Windows had an auto-update system for all programs instead of every program having its own auto-updater, most of which work poorly.

LaXu said,
I just wish Windows had an auto-update system for all programs instead of every program having its own auto-updater, most of which work poorly.

Yes, but than people would be complaining about their privacy rights being violated. I agree though, given that the application and not the OS is slowly turning into the main vector of attack, and programs like PSI are a pain.

bluarash said,

Yes, but than people would be complaining about their privacy rights being violated. I agree though, given that the application and not the OS is slowly turning into the main vector of attack, and programs like PSI are a pain.


Linux distros have that and nobody complains about there privacy rights being violated.

An App Store type senario for Windows would be nice. I guess like Valve's Steam but for applications instead.

LaXu said,
I just wish Windows had an auto-update system for all programs instead of every program having its own auto-updater, most of which work poorly.

I agree. I would support this being built into Windows as well... Hopefully in Windows 8 since it's a "major" release...

LaXu said,
I just wish Windows had an auto-update system for all programs instead of every program having its own auto-updater, most of which work poorly.

hello adobe

bluarash said,
but than people would be
but then people would be
soldier1st said,
nobody complains about there privacy rights being violated.
nobody complains about their privacy rights being violated.

Okay, grammar out of the way, I'm sure that the Add/Remove Programs feature in Windows could easily be expanded into a proper package management system for digitally signed applications at relatively little cost to Microsoft, all they'd need to do is have one more server with a table of the digital signature, version number and update link. Somebody should suggest it to the development team and see what kind of response it gets from them.

shhac said,
but then people would benobody complains about their privacy rights being violated.

Oh pulease; this forum is filled with morons who think their privacy is being violated because they detect a packet leaving their computer without their explicit knowledge. If Microsoft created the most secure operating system on the planet that locked down all the areas of attack you'd end up with security companies whining of anti-competitive behaviour and end users whining that the auto-updates violate their 'rights'.

The average user is an idiot - the sooner you realise that the sooner you're not disappointed when someone does something stupid.

shhac said,
Somebody should suggest it to the development team and see what kind of response it gets from them.

This is some incredibly naive thinking. Do you not think that this has been suggested to Microsoft in the past? There have been a number of individuals that have come forward requesting this feature somewhere after the introduction of Redhat RPM management and Ximian Red Carpet. This goes back at least a decade. However, if you have that kind of sway over Redmond, by all means use your diplomatic diplomacy and get us, the rest of the Windows community the feature.

This has been long overdue for browsers. Providing you can turn it off then I think this will have massive security benefits for the average Joe

DomZ said,
This has been long overdue for browsers. Providing you can turn it off then I think this will have massive security benefits for the average Joe

+1

I think this is a good idea. They might want to put in some option to opt out so that it can be better integrated in to corporate network policy, but for the typical home user this is a very good idea.

bluarash said,
I think this is a good idea. They might want to put in some option to opt out so that it can be better integrated in to corporate network policy, but for the typical home user this is a very good idea.

Yes, I agree. A lot of people just never bother to update software. For browsers that can be a big deal... I support this.

Mouettus said,
Is it only me or each update is like 11.X MB... the size of the whole browser altogether!?

It's not that bad compared to Apple software updates.

Mouettus said,
Is it only me or each update is like 11.X MB... the size of the whole browser altogether!?

Possibly. But with a broadband internet connection... I really couldn't give a damn.

Mouettus said,
Is it only me or each update is like 11.X MB... the size of the whole browser altogether!?

Last few updates have been <1MB for me.

Mouettus said,
Is it only me or each update is like 11.X MB... the size of the whole browser altogether!?

Chrome updates are 50 megs large each time, and growing with time (check %APPDATA%\Local\Google\Update)

Mouettus said,
Is it only me or each update is like 11.X MB... the size of the whole browser altogether!?

It only downloads the full update if it can't download the patch version, which is only a couple of megs or so.

ramik said,

Chrome updates are 50 megs large each time, and growing with time (check %APPDATA%\Local\Google\Update)


Only if you download the entire package, which the chrome updater never does. They have special form of patching that makes the slient updates really small.

SharpGreen said,

Only if you download the entire package, which the chrome updater never does. They have special form of patching that makes the slient updates really small.

i use DEV channel, and it seems that always it download 50+ MB

thealexweb said,

It's not that bad compared to Apple software updates.

Nothing is that bad compared to Apple software updates... lol But honestly I don't think the Firefox updates are that bad at all...

ramik said,

Chrome updates are 50 megs large each time, and growing with time (check %APPDATA%\Local\Google\Update)

checked the folder... the last google update was 2.74 MB? Maybe that's because I'm running a Dev version.
With mozilla updates, if you are running the nightlies and don't update the browser for a couple days you will end up downloading 11mb+ (full update), otherwise it is around 2 to 3 mb (patch version).

I don't think these bugfix releases are full updates either, so all the automatic updates should be small.

Mouettus said,
Is it only me or each update is like 11.X MB... the size of the whole browser altogether!?

Delta patches are just asking for support headaches. It's better to update the whole thing for binary files.

GreyWolf said,

Delta patches are just asking for support headaches. It's better to update the whole thing for binary files.

Well theyre better for consumers if done right. Still, at 11mb It hardly matters IMHO.