Interviewed by CNN on 04/06/2011 00:14, Jay Garcia told the world:
> On 03.06.2011 20:49, Paul B. Gallagher wrote:
> 
>  --- Original Message ---
> 
>> Jay Garcia wrote:
>>
>>> If Mozilla is the only one supplying the updates then how do you
>>> figure that's a dangerous move, i.e., How is malware, etc. going to
>>> get injected into a Mozilla-only supplied update? By your thinking,
>>> Microsoft automatic updates are also "dangerous".
>>
>> Without taking a position either way, how does the user know it's really
>> Mozilla supplying the update? Is there some kind of authentication
>> process, or do we just have to close our eyes and trust?
>>
>> If I were a malware author, I would LOVE to be able to tap into one of
>> these update pipelines and infect millions of trusting users within
>> hours. But I'm not, so I don't understand what safeguards are in place,
>> if any.
>>
>> I was briefly an AOHell sufferer in the days Phillip describes, and I
>> absolutely HATED having my computer taken captive without notice and
>> without my consent to install something they thought was essential.
>> Fortunately, that's not Mozilla's way.
>>
> 
> I can only go by example since Mozilla hasn't enabled this feature yet
> so there isn't any history yet. However, as long as Microsoft hasn't had
> any problems with their auto-updates I would have to assume that MS
> would be a prime target for malware authors to invade. AFAIK there
> hasn't been any malware attached to MS updates.
> 


Actually, Firefox 4 by default auto-updates: when online, it checks
periodically with the Mozilla servers if there's a new minor version or
a patch. If there is one, it will download it and install on next
Firefox restart.

It's a complicated equation. Google auto-updates even major versions of
Chrome. The downside of it is that yes, you are giving them the
privilege to install stuff on your machine. And new major versions might
break compatibility with stuff you need -- for instance, I ran into an
odd problem with Flash ads that only appeared in IE9 (downgrading to IE8
solved the issue), and Firefox 4 is incompatible with the current
version of a (required) plugin used by several Brazilian banks.

The upside? Well...

Some 10-20% of IE users are still using IE6 -- which is *three* major
versions old, and was superseded by IE7 almost *five years* ago.
That's a very long lingering tail of old versions. Even Microsoft is
concerned.

Things are slightly better on the Mozilla front -- but I still find LOTS
of users using FF 3.6.x (and not always the latest update), a fair
number using FF 3.5, a few using FF 3.0, and now and then one using FF
2. So, there's quite a bunch of old Mozilla around. Not as much or as
old as IE, but still a lot.

Meanwhile, most Chrome users are already using Chrome 11. You will still
find some with Chrome 10, a few with Chrome 9 but hardly anyone with
Chrome 8 -- which was superseded just *four months ago*.(*)

So, auto-update does have its points: it turns over users very quickly
to the latest version.


(*) There are exceptions, of course. The main ones are people who
deliberately turned off auto-updates, and people who installed via MSI
package instead of using the default Google Update installer.
-- 
MCBastos

This message has been protected with the 2ROT13 algorithm. Unauthorized
use will be prosecuted under the DMCA.

-=-=-
... Sent from my Constitution Class Starship.
*Added by TagZilla 0.066.2 running on Seamonkey 2.0.14 *
Get it at http://xsidebar.mozdev.org/modifiedmailnews.html#tagzilla
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
