When Google released the first version of its Chrome web browser, many eyebrows were raised over the fact that it updated itself automatically and silently, in the background, without user intervention or even so much as a notice. As it turns out, this has been a brilliant move by Google, as Chrome users are the most likely to have up-to-date installations of their browser, followed at a respectable distance by Firefox users. Safari and Opera trail behind significantly.
The news comes from a report engineered by the Swiss Federal Institute of Technology’s Stefan Frei and Google’s Thomas Duebendorfer, in which they accumulated version strings off Google servers all over the world. They then looked at how many people upgraded to a new version within 21 days of its release. The numbers are shocking – security fetishists may want to avert their eyes.
Overall, they found that 45.2% (!) were not using the latest version of their web browser when visiting Google’s servers. As we all know, browsers are increasingly being used as an attack vector, so not running the latest version of your browser is just asking for trouble.
Diving deeper into the figures, they found that Chrome is the king when it comes to deploying updates: within 21 days of the release of Chrome 18.104.22.168, 97% of Chrome users hitting Google’s servers had the update installed. Firefox came in second, with 85% of Firefox users hitting Google’s servers having updated to Firefox 3.0.8 within 21 days. Safari users lagged behind considerably, as 53% of Safari users had updated to Safari 3.1.1 within 21 days (Safari 3.2.0 and 3.2.1, which raised the minimum OS version requirements, did even worse: no more than 33%). Opera, which forces its users to install updates as if they were fresh installations, did the worst: only 24% of Opera users installed Opera 9.63 within 21 days of release.
As you can see, the silent update feature in Chrome works the best, followed by Firefox’ one-click updates. Safari comes in third with its reliance on Software Update; let’s not even get started about Opera. In case you’re wondering, Internet Explorer is left out of the picture because its version string does not differentiate between minor versions.
When it comes to web browsers, silent updating simply is the way to go to get users to upgrade to the latest, more secure version of their web browser. Some have reservations about auto-updating tools, mostly thanks to hideously bloated updaters from Sun and Adobe. However, Google’s background updating service takes only 816k of memory on my systems, and since it all happens silently, you’re never bothered by pop-ups or other workflow-interrupting elements. Note that Google’s updating service is available as open source under the Apache license, so you can check whether or not it does anything fishy.
I guess both Safari and Opera (and probably IE too) can really learn quite a few things from both Chrome and Firefox when it comes to updates. Especially Opera might want to take a look at its updating scheme, and implement at least some sort of updating mechanism that’s slightly less 1995, instead of worrying about Microsoft and IE tying.
I would always choose to be notified of an update and given the chance to decline. I have been bitten many times by software updates (including security updates) that caused instability and conflicts with other packages. UI changes and feature loss have also happened during updates so bypassing the users ability to say no is never a good idea. At least if I am told an update has been done I know where to start looking for solutions to problems.
The best way of managing updates is to show a dialog box notification at startup with a choice and a delay before it can be cleared, then allow the software to update itself. Having to download a new version by visiting a web site is a pain that is unnecessary in 2009.
If the option of silent updates is available, at least give us a choice. Silent updates for the less experienced, and a choice for those who understand the risks.