Allow auto-updating of the Agent
The agent currently does not auto-update, due to security concerns of downloading and running code.
Allow an option for auto-updating in some form.
We are not going to implement auto update in the Windows agent for the following reasons:
- Loses predictability for the sysadmin unless we build in our own control panel options.
- Opens a potential security hole if we were to be compromised.
- Another security issue for customers to consider.
- People don’t necessarily want to be on the latest version – they want a stable version which is running fine, then be able to control the process e.g. doing it on a known date, rollback process, etc.
Unlike Linux with apt and rpm, there is no Windows system for distributing packages and updates which we could otherwise use. ClickOnce is Microsoft’s recommended method but may not work with system services.
Instead, we are going to distribute an MSI which will allow for easier installation and updates.
Hi David, thanks for your answer.
As a reference, InstallShield 2012 seems to fully support the auto-update workflow and infrastructure:
The Google Chrome updater for Windows and the Google Courgette algorithm is open source but harder to implement:
"Automatic updating opens a potential security hole where if our systems were compromised, an update could be pushed out to all customers silently and automatically."
I think this is also true:
"Non-automatic updating opens a potential security hole where if our systems were compromised, an update could be pushed out to all customers silently, when they click on the update. People who don't update could run old code with known security risks."
This is just delaying the effects. People will click it and will still install malware. Implement a random() delay in the auto-install and you have the same result.
Now imagine the opposite: Windows Update not working automatically? F-secure antivirus not updating itself? The world would be full of virus!
I think the benefits are real and should be an option. People with stronger security policy could disable it.
Why Google Chrome does it?
Related to security concerns: http://www.f-secure.com/weblog/archives/00002377.html
The design of the agents is they never take any action without it being initiated by the user first e.g. this is why we do not allow plugins to be installed via our web UI - you have to use our local installer.
Automatic updating opens a potential security hole where if our systems were compromised, an update could be pushed out to all customers silently and automatically.
Why clicking on a button on the server would remove that security concern?
What are the precise security concerns and the advantages of not auto-updating?