The objective must be to ensure the user's browser is as up to date as reasonably possible, yet to achieve this firefox appears to require the security of the local system be compromised.
There are two steps required to ensuring prompt updates:
1 - detect whether there is an update available, which can be done in two ways:
- (i) manually - the user remembers to poll the mozilla website periodically; inevitably they don't check often enough
(ii) automatically - the browser checks reasonably frequently on the user's behalf. Obviously this is preferred.
These are completely separate tasks, yet as I understand it the current firefox logic is that updates can only be automatically checked for if the user also has sufficient local permissions to apply the update.
Which means that just to be notified of an available update either the user has to run firefox as an Administrator, or the permissions on the firefox install must be modified to enable any user to modify it. (http://support.mozilla.com/en-US/kb/Che ... s+disabled)
Neither of those options is great:
running the browser with Administrator privileges gives a successful hack complete access to the entire system; (and presumably every user would need Administrator privileges!)
derestricting access to the installed firefox gives a successful hack complete access to the firefox install, thus compromising all users of the machine, and also the opportunity for any user to inadvertantly damage the install.
Surely this should actually work thus:
1 - updates are automatically checked for regardless of user privilege (unless the user deselects the appropriate tools->options checkbox)
2 - if an update is found then the user's options are:
- - if the user has sufficient privilege to apply the update then all possible options are available
- do nothing/apply/download and apply later/whatever
- - do nothing
- download, and apply separately (by doing "run as" on the exe)
- download and apply by temporarily raising privilege (which requires user credential input)
So, what am I missing? Why is the current setup any good?