by stretchwithme 5746 days ago
The author says Google is pushing out new versions of the browser automatically now. I was pretty sure I didn't enable the automatic updating feature but when I checked "About Chrome", I was informed that the browser had been updated. Seems to be no way to disable this either. Am I missing something?

This is how Chrome has worked since forever, and it's a good thing. Asking the user for confirmation for security updates leads directly to users running known-insecure versions of software. If you don't want auto-updates, use Chromium.
...Or a different browser.

Seriously, though, Google is used to web development, where they control the software and the machines running it. A new version of GMail rolls out, and everyone gets it. Like in the case of Buzz, this isn't always good, but it makes developers' lives easier.

But desktop applications are a different game. Almost any time you take control away from the user, it's bad. New version of the browser introduces a security flaw? Sorry, you've been automatically upgraded. Hate a new feature? See previous answer. Security hole found in the Google Updater daemon? Oops, we gave it admin privileges and ran it without telling you.

Has Google created so much good will over the years that people don't scream about this the way they would about similar behavior from Microsoft/Apple/DemonizedCompanyOfYourChoice?

Users of b2c software are incapable of making decisions about their security, and should not be asked to.
An update procedure takes up noticeable amounts of CPU time and bandwidth. Automatic updates mean your system slows down arbitrarily, often with no indication as to why. Users are able to make observations at the level of "since I installed software X, my computer doesn't work properly anymore" and interpret that as a virus infection.

Maybe they can't weigh the downsides of new and old versions, but they can weigh the downsides of now and later. Usually they go for later, which is a different problem.

A pretty dim view of users, but does that mean that Chrome is not for technical people? It's for an audience that is too dumb to be capable of understanding auto-update? (This audience, incidentally, does not exist: users aren't that dumb.)

In either case, the Right Thing was discovered long, long ago: sensible defaults. Users who don't understand the software needn't worry, and those that know what they're doing can make the appropriate decision.

It bugs me to no end when developers take this parental tack with users, as if we were not only responsible for producing the software, but also for ensuring the user doesn't do anything to harm themselves. Put an are-you-sure dialog box in the way, but don't try to force anything on your users. Even if you know better, you're over-stepping and your second-guessing of the user is misguided.

> Almost any time you take control away from the user, it's bad.

Right, that's why the App Store has been a huge flop, and its closed model isn't being duplicated by everyone who's making an OS these days as fast as they can run their copy machines.

(Yes, I know that the App Store does prompt users for updates, but in all other respects it's a much more tightly controlled system than PCs, and users love it.)

Prompting, rather than running a daemon that does it automatically, is the entire point of what I said. Adding functionality isn't taking away control unless you have to color outside the lines to disable it.
Imagine the howls if Microsoft had done this...
Howls of joy because we won't have any IE6 systems left? ;)
It's not about Google vs. Microsoft. The world has simply gotten smarter about such things, and most people now accept auto-update as a good idea.
It would be brilliant! If MS did this then IE6 would have disappeared long ago!
I use Chromium installed with apt. All my software on my computer gets updated automatically :)
Yes, that is a feature that Google has hardcoded into Chrome. You CANNOT disable auto-updates or even make it so that you are asked for confirmation.
Of course you can (disclaimer edition note: but it's not necessarily for the faint of heart, and isn't officially supported. On their updater and update policy, Google manages to be worse than Apple on Windows, which is already pretty fucking bad).

1. On Windows and OSX (at least), the actual updating is performed by a single service running in the background for all Google applications (the Google Updater). This service is installed and/or activated by all Google applications, every time you install them (or run them, in OSX, not sure for Windows). I'm sure you can find how to do the same in Windows but my know-how is not good enough, but in OSX you can disable GUS forever by uninstalling it, emptying its directory and then setting it write-only. This way, it's not possible for GUS to be reinstalled.

2. A good enough outbound firewall (I'm partial towards Little Snitch on OSX) will allow you to block connections to the update server, and make GUS unable to query it, and therefore to update Chrome without your consent.

On Windows, Autoruns from SysInternals (http://technet.microsoft.com/en-us/sysinternals/bb963902.asp...) works fairly well for finding out about these things that happen automatically, and disabling them, as easy as unchecking a checkbox. There are at least two categories relevant to googleupdate: CurrentVersion\Run, and Task Scheduler.
Too late to edit: there's a third one, in Services, on my machine gupdate1ca54[more hex digits] - it also links to googleupdate.exe.
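
The three autostart locations named in the two comments above (CurrentVersion\Run, Task Scheduler, Services) can also be listed from PowerShell. This is an added example, not part of the thread; it is read-only, assumes a Windows version that ships the ScheduledTasks module, and matches on the `googleupdate` substring quoted in the comments.

```powershell
# Added example: list autostart entries that reference googleupdate.
# Read-only inventory; it does not disable or modify anything.
$pattern = 'googleupdate'   # substring taken from the comments above
$meta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

# 1. CurrentVersion\Run values (per-user, machine-wide, and 32-bit view)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runHits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -in $meta) { continue }      # skip provider metadata
        if ("$($p.Value)" -match $pattern) {
            [pscustomobject]@{ Source = 'Run'; Location = $key
                               Name = $p.Name; Command = $p.Value }
        }
    }
}

# 2. Scheduled tasks whose action launches the updater
$taskHits = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $pattern) {
            [pscustomobject]@{ Source = 'Task'; Location = $task.TaskPath
                               Name = $task.TaskName; Command = $cmd }
        }
    }
}

# 3. Services whose binary path points at the updater
$svcHits = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Location = $_.StartMode
                           Name = $_.Name; Command = $_.PathName }
    }

@($runHits) + @($taskHits) + @($svcHits) | Format-Table -AutoSize -Wrap
```
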
Ugh, of course, there are work-arounds. But if you re-read my comment, I said it is hardcoded in Chrome. I was talking about Chrome.

Another point: Your method will disable all Google updates (Google Toolbar, Google Talk, etc.) which is a good side effect imo but not necessarily desirable by all.

It's not hardcoded in Chrome, at least on Windows it's not. I'm currently running 4.1.249.1045, which I gather isn't particularly recent, because I seldom use it except for Facebook and other sites I don't trust to be logged in to for general browsing.
Please do check and tell if you have the Google Updater service running and that it is working fine?

Else, please tell how you managed to turn off automatic updates in Google Chrome?

Google Updater is not running. I turned it off with Autoruns, like I said in my other comment.
That's a very bad "feature". On some connections I pay for every MB downloaded.
I agree it's questionable from a money standpoint, but not updating your browser is questionable from a self-preservation standpoint, as well.

(But I also agree that should be your decision to make.)

The compression Chrome uses on the diffs is pretty hardcore:

http://www.chromium.org/developers/design-documents/software...

So you can at least be reasonably certain that your browsing bandwidth dwarfs the Chrome updates, FWIW.

I don't understand why they're taking that decision away from me. They could just enable auto update by default so most users would always be up-to-date unless they have a reason for disabling it. There are some good reasons other than money as well, such as privacy and security. I don't want my computer updated in any shape or form when I'm at an airport or in an authoritarian country for instance.

I don't know whether a Chrome update is dwarfed by regular browsing. The link you posted shows the size of one particular diff update they did. That's a completely worthless measure. The worst case, no doubt, is that everything has to be replaced and that would be 10MB.

Security-wise I'd be very surprised if Chrome updates weren't signed; MITMing of auto-updates isn't exactly new (see EvilGrade). So I doubt it's an issue there.

That said, I agree that there should be an option (not a prominent one) to switch it off.

Fortunately, the auto-update feature doesn't work on my Linux machines.
Chrome's auto-update feature on Debian-based distributions at least consists of it installing its apt repository in your sources.list. Which is fine by me.
Same here. Everything is managed via Synaptic update manager and Chrome gets updated only after I hit the button 'Install updates'.
Then why is my Chrome still on version 3?
If you switch to Linux it won't auto-update.