Friday, August 7, 2009

Google Chrome's automatic update model has a weakness

Google Updater automatically and silently updates Chrome, even if a user is currently browsing the Web (using Chrome). Crucially, however, the update comes into effect only when a user restarts Chrome. I assert that this model has a shortcoming, which becomes apparent in the way I use my computer.

I frequently keep my laptop running for days on end. Usually, this involves keeping the browser running continuously too. If this browser is Chrome, it means that any updates that are released and applied during these days won't come into effect until I restart Chrome (which may take place after many days, because I usually have too many tabs and windows open, and it's just not possible to restart the browser). Any browsing that I do in these days potentially exposes me to security threats.

Proposed solution: When Google Updater updates Chrome, it should notify the user that an update has been applied, and should strongly suggest restarting the browser if the update includes security-related improvements (Google's current approach, combined with my proposed solution, as well as some other update-related ideas that I haven't yet listed, is a near-ideal update system I call "HyperUpdate").
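The notification policy proposed above, sketched as an added example (not Google Updater's or Chrome's code). It assumes the updater keeps a log of applied updates with a security flag and knows when the browser process started; the class names, the function `restart_advice` and the build labels are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AppliedUpdate:
    version: str           # constructed build label, not a real Chrome version
    applied_at: datetime   # when the updater wrote the new files to disk
    security: bool         # True if the release contains security fixes


@dataclass(frozen=True)
class RestartAdvice:
    level: str              # "none", "inform" or "urge-restart"
    pending: tuple          # versions on disk that the running process lacks
    exposed_for: timedelta  # time running without the oldest pending security fix


def restart_advice(browser_started, updates, now):
    """Hypothetical policy: decide what the updater should tell the user."""
    # An update applied after the process started is on disk but not in memory.
    pending = sorted((u for u in updates if u.applied_at > browser_started),
                     key=lambda u: u.applied_at)
    versions = tuple(u.version for u in pending)
    security = [u for u in pending if u.security]
    if not pending:
        return RestartAdvice("none", (), timedelta(0))
    if not security:
        return RestartAdvice("inform", versions, timedelta(0))
    # The exposure window opens when the first unloaded security fix landed.
    return RestartAdvice("urge-restart", versions, now - security[0].applied_at)


# Constructed sample: a browser left running for days while updates arrive.
STARTED = datetime(2009, 8, 1, 9, 0)
UPDATE_LOG = [
    AppliedUpdate("build-101", datetime(2009, 7, 30, 12, 0), security=True),
    AppliedUpdate("build-102", datetime(2009, 8, 3, 9, 0), security=False),
    AppliedUpdate("build-103", datetime(2009, 8, 5, 9, 0), security=True),
]

if __name__ == "__main__":
    advice = restart_advice(STARTED, UPDATE_LOG, now=datetime(2009, 8, 7, 9, 0))
    print(advice.level, advice.pending, advice.exposed_for)
```

The `exposed_for` value is the figure a notification could show the user: how long the browser has been running without a security fix that is already installed.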

Update (11-9-09): I just noticed this message on one of my workstations, and it shows that Windows automatically/forcibly restarts the system when certain important security updates are applied. This is probably done to prevent a vulnerable system from continuing to run till a user-initiated restart takes place (the flipside is that these automatic restarts have frequently led to data loss). This situation is similar to the continuing-to-run-vulnerable-Chrome situation that I've described above.

Update (12-9-09): Kaspersky Internet Security 2009 also alerts the user to restart the system whenever an update is downloaded that can come into effect only after a restart. Again, this is to prevent a less-fortified KIS from continuing to run, creating a window in which KIS isn't providing as much protection as it can.