Firefox skirts Windows security feature to make silent updates happen
Firefox 12, set to release Tuesday, sidesteps Windows' UAC
Computerworld - Mozilla will ship Firefox 12 tomorrow with a key component of its years-long silent update project.
Firefox 12, which got the green light from Mozilla last week, is slated to release on Tuesday, April 24.
Among the changes to Firefox 12, the most noticeable to Windows users will be the disappearance of the UAC, or "user account control," prompt on Vista and Windows 7 during updates.
UAC is a security feature introduced in Vista -- and in a less-intrusive form, tucked into Windows 7, too -- that requires users to agree to most program installations.
Firefox 12 will be the first edition from the open-source developer that sidesteps UAC.
"[UAC] makes things like automated software updates hard to do without user interaction," Brian Bondy, a Firefox platform engineer, wrote in a March blog post. "If we don't have access to write into Program Files to perform an update, then we have to ask for elevated permissions. We ask for elevated permissions today when applying updates."
In effect, UAC stymies no-user-action-required updates, or "silent updates." UAC-bypass has been one of the five pieces in Firefox's project to introduce silent updates, which is nearing completion but won't wrap up until this summer.
Firefox skips UAC by substituting a Mozilla-created Windows service for the traditional installation process.
Google's Chrome, which has featured silent updating since its 2008 debut, installs its code in the user's folder within Windows to avoid UAC. Mozilla rejected that route.
"We chose not to because it can be an administrative headache for some people who manage updates themselves and have to maintain an installation for every user," Bondy wrote.
Mozilla has said that sidestepping UAC makes sense.
"The repeated prompting is unnecessary because the first time that you accept the prompt you indicate that you put your trust in Firefox," the company said in a February blog post on silent updating. "After you have granted Firefox permission to update it should continue to be able to update future versions of Firefox without prompting you again."
The final component of silent updating, responsible for launching and completing the update entirely in the background, will land in Firefox 13, scheduled to ship June 5, or Firefox 14, set to ship July 17.
Mozilla has been working on silent updating for nearly two years. At one point, it thought it could add the feature to Firefox 4, which shipped in March 2011, but abandoned work when that version was delayed several times for other reasons. Late last year, it said it was shooting for silent updating in Firefox 10, which debuted in January. Those plans were also scrapped.
Implementing silent updating would make Firefox only the third browser to offer the feature, after Chrome and Microsoft's Internet Explorer (IE).
Last December, Microsoft jumped on the silent update bandwagon when it announced it would automatically upgrade IE to the newest browser suitable for each version of Windows. Before the new practice began in January 2012, Microsoft had asked users for their permission before upgrading IE from one version to the next, even if Windows' automatic update service was enabled.
IE's automatic upgrading kicked off in Brazil and Australia only, but Microsoft plans to expand the practice worldwide this year.
Also tomorrow, Mozilla will push Firefox 3.6 into retirement. The company has been dunning users with pleas to upgrade for weeks, and will take the unusual step of automatically upgrading version 3.6 to Firefox 12 after the latter's release.
According to Web metrics company Net Applications, Firefox 3.6 accounted for 13% of all copies of Firefox used last month, down from 79% one year earlier.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Desktop Apps White Papers | Webcasts