Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Oct 8, 2011

Making the web even safer: From auto-upgrade to silent updates

Mozilla now aims to add silent updates to Firefox — much like Chrome and Opera already does — as summarized in this Computerworld article. This marks an important milestone, and is an important follow up to Mozilla's decision back in June to auto-upgrade the then soon-to-be unsupported Firefox 3.5. Back then, I blogged about the importance of the bold decision to NOT leave users behind on an unsupported version.

Later in June when Firefox 5 was released, Firefox 4 users where prompted to update to the new version. I was so excited, I had to blog about that too.

Now Mozilla has decided to introduce silent updates to Firefox. From Mitchell Baker's blog we can learn that:
Before Mozilla instituted the rapid release process, we would sometimes have new capabilities ready for nearly a year before we could deliver them to people.  Web developers would have to wait that year to be able to make their applications better.
And why is that a problem?
A browser is the delivery vehicle for the Internet. And the Internet moves very, very quickly.

The key motivation for the change is the lack of agility required to meet new or changing demands in a timely manner. The internet evolves, which means that the requirements for browsers also change rapidly. If capabilities have to wait for a year, something is definetely wrong. Across the software industry there are made great efforts to change software development processes to reduce the time needed to put a new feature or bugfix into production. Many of these efforts push towards agile software development.

With Mozilla's rapid release process came concerns for enterprise deployments, add-on compatibility, and update fatigue for users. Mitchell Baker addresses these in her Rapid Release Follow-Up. One requirement mandated by more frequent releases is to silently take care of the update process for the user. Brian Bondy, a Mozilla developer, mentions the concrete features they're working on as part of the silent update on his blog. Check them out, they're all of the type "Get out of the user's way".

So why is this important for security? For one, there's a lot happening on the border line between browser security and web application security, e.g. the recently added security mechanisms: Strict Transport Security, X-Frames-Options, and Content Security Policy that are triggered by the web application but enforced by the browser. Web browser adoption of such mechanisms is key to their adoption in web application. Second, there's a lot going on with the internal security in the browsers, one interesting example being Chrome's plugin sandboxing initiative. There's only one way to keep users safe, keep them up-to-date.

The broader effect of this will be interesting. Firefox, Chrome, and Opera accounts for about half the browser market. If the major browsers are successful with their rapid releases, they've set an important standard. They've then shown that it can actually be done for widely deployed client software. We're witnessing a paradigm shift on the desktop, version numbers are soon irrelevant. How cool is that!?!

As a final note, how Mozilla organizes their rapid release cycle is explained in more detail on their blog, it will be interesting to see how it works out, and learn about their experiences.

4 comments:

  1. So, why are we trusting other browser makers to be better at this than Microsoft? When MS first started pushing auto-update settings for Windows there was a huge outcry over how bad this was for security.

    Mozilla and Google are not getting nearly the same heat. How come?
    Are newer update systems safer, or have our risk perception changed?

    ReplyDelete
  2. I would argue that we've moved from "do I trust that they got this right", to "I just expect that this works".

    One of the reasons for that is that we're accustomed to the automatic Microsoft Update, as well as auto-updating anti-virus software. We expect that the world has learnt how to solve this. We've simply accepted the risk, and do not spend any more time contemplating about it.

    Do you have any pointers to the huge outcry over Microsoft's auto-update feature? It would be interesting to see what the discussion was really about back then.

    ReplyDelete
  3. I haven't Googled for old articles, and I'm not sure how much we'll find online. This was, after all, pre Y2K. Some of the criticism is mentioned in the Wikipedia article on Windows Update. I think that pretty much sums up what I remember about it: How de we trust that they can keep this secure? Will someone be able to hijack the update process, or upload malicious updates etc.

    Of course, when I say "huge outcry", that's still among those who would be caring about it: the admittedly narrow field of security practitioners.

    To this date, we haven't had many significant incidents. I guess that means it works in practice, despite any theoretical fears of compromise.

    But do you think our expectations are warranted?

    ReplyDelete
  4. As always, there are no guarantees. And the past can seldom tell us much about the future.

    Still, I put my faith in the Microsoft/Google/Mozilla security teams. Don't you?

    ReplyDelete

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2013. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts