Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Open Sources Updater

CmdrTaco posted more than 5 years ago | from the step-in-the-right-direction dept.

Security 174

Jamie noticed the news that Google Update is now Open Source. The article acknowledges the privacy and security concerns of an application that is always running in the background of your machine, and authorized to install new software. And Google made the logically obvious conclusion that releasing the source code would alleviate those concerns.

cancel ×

174 comments

Sorry! There are no comments related to the filter you selected.

concerns alleviated... (5, Insightful)

datapharmer (1099455) | more than 5 years ago | (#27555837)

Well I feel much safer now knowing that the updater is open source. I have for one have no worries about the code actually being updated... that of course is completely kosher.

Re:concerns alleviated... (2, Interesting)

Philip K Dickhead (906971) | more than 5 years ago | (#27555959)

Has anyone built this from source, then checksummed the result to validate that this is the same software?

Bait and switch would be just like these guys!

Re:concerns alleviated... (4, Interesting)

xouumalperxe (815707) | more than 5 years ago | (#27556063)

That would only work if you used the same build of the same compiler, with the same flags.

Re:concerns alleviated... (2, Informative)

0xygen (595606) | more than 5 years ago | (#27557955)

Still would not validate.

Theirs is digitally signed and has date stamps in.

I think the only options is to use something like bindiff, which excludes comparisons of much of the PE metadata.

Re:concerns alleviated... (1)

RichardJenkins (1362463) | more than 5 years ago | (#27556085)

It wouldn't work without knowing the specifics of the environment they compiled in.

Besides, that wouldn't be bait and switch - just outright lying.

Re:concerns alleviated... (2, Interesting)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#27556089)

Somebody has to do this, so it might as well be me: Yes, the usual [bell-labs.com]

Re:concerns alleviated... (1)

Dishevel (1105119) | more than 5 years ago | (#27556779)

Bait and switch would be just like these guys!

Cause they have done it so often in the past???

Re:concerns alleviated... (1)

jason.sweet (1272826) | more than 5 years ago | (#27556943)

That probably isn't necessary.

I'm a little worried about this line though

#include "omaha/common/atl_installevilstuff.h"

Re:concerns alleviated... (1)

FreeFull (1043860) | more than 5 years ago | (#27557079)

More strangely, there is no atl_installevilstuff.c. The updater also seems to download a strange binary file from Google...

Re:concerns alleviated... (1, Funny)

Anonymous Coward | more than 5 years ago | (#27557535)

Isn't that protected by an "#if EVIL" though? I wonder what is passed to gcc via -D...

Re:concerns alleviated... (4, Interesting)

0xABADC0DA (867955) | more than 5 years ago | (#27558101)

Bait and switch would be just like these guys!

Google wants an auto updater so badly because it allows them to gather more information on you. Why else would it have ever included a unique identifier? There is ZERO reason for a updater to identify anything besides installed product (if that), not even the currently installed version. Any intelligent person knows this, and google is a cut above. That means it was certainly their intention to collect more information through updates. And why wouldn't google do this?

Even today there are a lot of people that never log in to a google service. Google updater is really about identifying and categorizing these users, for better ad targeting or accounting or whatever purpose. All they have to do is install any one google product, even if they never use it. If you log in to google often they already have a great profile on you.

The update check lets them tie your IP address with their profile on you. Many people have 'stable' IP addresses, even though they are using DHCP they get the same address. The updater lets google determine this, or that a person's IP address isn't stable.

The simplest, most effective, and most obvious method to track individuals is with a unique ID. This was the first method updater used (ie, google thinks everybody else are idiots). This provides a direct IP to user mapping at ever update.

Next, they might try a last-update-at timestamp. Even at a second resolution with list of installed products this lets them easily map IP to user with a high degree of accuracy. But they'd probably try something to tighten this up, like return a time cookie from the server and store it for next time.

If they can't do a direct mapping like this, they'll try something more sneaky like 'anonymous usage data' that then can just look up in their database... how many users accessed gmail exactly 327 times and groups 136 times in the last week? Repeat until it narrows down to one.

So the updater software itself is irrelevant. The only issue is what data does it send and does it run often enough to lock down your IP, or determine how your IP changes over time. This is important because tracking images, google-analytics, ad-words can determine your IP as you visit sites.

Re:concerns alleviated... (1)

Philip K Dickhead (906971) | more than 5 years ago | (#27558659)

Dead spot on.

Thanks for the clear insight on the issue. Looks like it's time to blackhole GOOGLE.COM at the edge.

Re:concerns alleviated... (4, Funny)

jollyreaper (513215) | more than 5 years ago | (#27556327)

Well I feel much safer now knowing that the updater is open source. I have for one have no worries about the code actually being updated... that of course is completely kosher.

Don't worry, I checked. Has the little (u) and everything for Passover. Dunno how it'll be after the holiday's over, though.

Re:concerns alleviated... (0, Troll)

mogwhy (756595) | more than 5 years ago | (#27556655)

Well I feel much safer now knowing that the updater is open source.

Expect virus / trojan to mimic Google Update "exactly".

Coming to a botnet near you soon.

Although there are hidden benefits, botnets will update themselves ensuring that software / machines runs at optimal performance for the benefit of the botnet as a whole.

Re:concerns alleviated... (1)

moon3 (1530265) | more than 5 years ago | (#27557919)

source code != binary distribution

This is Windows world we are talking about, if I am not mistaken. Pretty much nobody builds their own binaries from source code there...

Frist Update! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27555847)

Got it.

For the love of god (5, Interesting)

Anonymous Coward | more than 5 years ago | (#27555849)

Someone add a feature to turn it off completely.

Re:For the love of god (0, Redundant)

ionix5891 (1228718) | more than 5 years ago | (#27555879)

damn no mod points today

mod parent up

I'm sorry Dave (0)

Anonymous Coward | more than 5 years ago | (#27555949)

I'm afraid I can't do that.

Re:For the love of god (5, Informative)

Jamie's Nightmare (1410247) | more than 5 years ago | (#27555965)

Here's a wild and crazy idea. You could disable the Google Updater Service via Control Panel\Administrative Tools\Services. I know.... I know.... radical, but it actually works. Imagine that.

Re:For the love of god (5, Informative)

Perseid (660451) | more than 5 years ago | (#27556079)

And don't forget to turn off the scheduled event to turn the service back on. And don't forget to do it all over again every time you install/update anything by Google. Also, the instructions to kill it don't seem to be the same all the time. Maybe it depends on exactly what app you're installing. Maybe it's just Google trying to screw with my mind. Google Update needs to die.

Re:For the love of god (1)

dziban303 (540095) | more than 5 years ago | (#27556689)

For some reason, Google Updater refuses to download on my laptop (as does Windows Update, and I suspect they may be related, though I've spent hours trying to get them both to work with no joy). It's pretty infuriating that I can not download software I need (Google Earth) because their stupid Updater refuses to work. There used to be a way around it, where you could download the GEarth installer directly, but I can't seem to find it. Any ideas?

Re:For the love of god (1)

dziban303 (540095) | more than 5 years ago | (#27556761)

For some reason, Google Updater refuses to download on my laptop (as does Windows Update, and I suspect they may be related, though I've spent hours trying to get them both to work with no joy). It's pretty infuriating that I can not download software I need (Google Earth) because their stupid Updater refuses to work. There used to be a way around it, where you could download the GEarth installer directly, but I can't seem to find it. Any ideas?

NM.

Re:For the love of god (1)

Tikkun (992269) | more than 5 years ago | (#27556949)

This reminds me why I like cron.

Re:For the love of god (1, Insightful)

Anonymous Coward | more than 5 years ago | (#27556969)

Yes, because the tiny geek population has a fractional percentage of paranoid people who demand updater be turned off constantly, they need to completely change their model. How about this, people who suffer from extreme paranoia just don't use google products, and the updater stays the way it is? I know that for 99% of the population I deal with, everything possible needs to automated or they will never get any security fixes at all. Those of us with the knowledge to turn services on and off, etc, and just turn the thing off.

Re:For the love of god (1)

AmiMoJo (196126) | more than 5 years ago | (#27558073)

This sounds like an excellent project for someone. Produce a Google app installer without the privacy and take-over-your-pc stuff. Why do I even need Updater just to install Google Earth or Chrome?

Speaking of Chrome, I'm surprised there isn't a community build yet. There is Iron, but it's produced by a commercial company and I don't have time to check what they did myself. At least I can more or less trust Firefox.

Re:For the love of god (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27556103)

Here's a wild and crazy idea. You could disable the Google Updater Service via Control Panel\Administrative Tools\Services. I know.... I know.... radical, but it actually works. Imagine that.

Do you like fish dicks?

Re:For the love of god (1)

octaene (171858) | more than 5 years ago | (#27556123)

Or perhaps block the thing with your desktop firewall?

Re:For the love of god (0)

Anonymous Coward | more than 5 years ago | (#27556993)

Sure. Then you're only wasting memory, a bit of CPU (and/or battery life if on a laptop machine), and boot time to start something that you've blocked from functioning and don't want to be running AT ALL.

I wonder how much energy and network congestion could be saved across millions of machines by Google not bundling Google Updater with their other software, or at least by making it easier for people to completely and permanently remove it if they don't want it? By permanently remove, I mean no reinstall EVER, even if you install new Google applications. What would it take? A simple registry setting "NeverInstallGoogleUpdater=1"?? I'd have no problem with the installer asking "Are you sure?", just in case someone changed their mind.

Re:For the love of god (0)

Anonymous Coward | more than 5 years ago | (#27556233)

Like some kind of horrible parasite, it grows back if you cut off the exposed bits.

Re-running some of Google's programs re-enables it. You also have to remove it from Scheduled Tasks.

Re:For the love of god (1)

spydabyte (1032538) | more than 5 years ago | (#27556487)

From TFA:

it can't be disabled unless you uninstall all the applications that use it and there are some privacy issues.

Re:For the love of god (1)

Joren (312641) | more than 5 years ago | (#27557701)

Here's a wild and crazy idea. You could disable the Google Updater Service via Control Panel\Administrative Tools\Services. I know.... I know.... radical, but it actually works. Imagine that.

Yeah, good luck with that. Every time I do that, some time later it gets magically reset to "enabled", usually around the next time you install anything that decides to bundle itself with the updater, but sometimes even without that trigger. I haven't been able to figure out precisely when or how, but it keeps getting changed back and I'm rather pissed at Google about it.

This action communicates an attitude of "I'll take what I want when I need it, and that's the price of using Google software." I hope some sensible person will decide that's not what they want to communicate to their customers. I tried providing feedback [google.com] , but interestingly they have shut down what until now was the only forum for submitting suggestions and concerns.

Re:For the love of god (5, Informative)

dfm3 (830843) | more than 5 years ago | (#27555987)

Google has already provided instructions [google.com] on how to uninstall the updater [google.com] .

Of course, it will be reinstalled within a few hours if you run another Google program. On my Mac I just changed permissions on the /Library/Google/GoogleSoftwareUpdate and ~/Library/Google/GoogleSoftwareUpdate folders to 000, and Google Earth no longer reinstalls the updater or asks me to do so. I never gave GE my password. I'm not sure what the workaround is for Windows.

Re:For the love of god (4, Insightful)

syousef (465911) | more than 5 years ago | (#27556323)

On my Mac I just changed permissions on the /Library/Google/GoogleSoftwareUpdate and ~/Library/Google/GoogleSoftwareUpdate folders to 000, and Google Earth no longer reinstalls the updater or asks me to do so. I never gave GE my password. I'm not sure what the workaround is for Windows.

1. Install Linux
2. Follow above instructions.

Re:For the love of god (2, Insightful)

morgan_greywolf (835522) | more than 5 years ago | (#27556417)

Google doesn't have an updater on Linux, at least not one that came with Google Earth or Google Picasa.

Re:For the love of god (1)

enHatt (1283014) | more than 5 years ago | (#27557425)

So just step 1, then.

Re:For the love of god (1)

dfm3 (830843) | more than 5 years ago | (#27558361)

Hey, I never said I was running Mac OS X on that Mac. For all you know it could be a very expensive Linux box. :-P

(Well, actually, I am running OS X. When I'm not booted into Ubuntu)

Re:For the love of god (3, Informative)

thePowerOfGrayskull (905905) | more than 5 years ago | (#27556631)

I never gave GE my password. I'm not sure what the workaround is for Windows.

Similar. Using the CACLS command line tool, or the Security dialog in file properties, remove all file permissions for all users except the "delete" and "read attribute" permissions.

Read attribute might be able to go too, I haven't tested - but the above will make it so that the file can't be updated, can't be executed, but can still be deleted when you want to.

Re:For the love of god (1)

troylanes (883822) | more than 5 years ago | (#27556919)

Thanks for this comment. Obviously brilliant.

Re:For the love of god (1)

AmiMoJo (196126) | more than 5 years ago | (#27558133)

On Windows you can either make a file in the Program Files directory with the exact name of the Google Updater directory (which prevents it from being created), or you can use gpedit.msc to set a "no execute" policy for files in that directory.

Re:For the love of god (0)

Anonymous Coward | more than 5 years ago | (#27556057)

First thing I thought of -- now maybe I can figure out a way to automatically disable and remove it the moment anyone tries to install Google's software, or invent a stub that does nothing but make the other application software happy enough to go about its business. Either that or I'm going to have to start adding Google to the list of banned software on my lab machines.

Why, oh why, did they start doing this? At the very least it should be an optional add-on, rather than something bundled automatically.

When I get something working I DON'T want it to be automatically updated, and I don't want myself or other users to be nagged constantly about the opportunity to upgrade either. I hate auto-update software. The last thing I expected was for Google to "do an Adobe". What were they thinking?

Kudos to Google for providing the code that might help disentangle this monstrosity from the otherwise good Google programs, but they could have saved a lot of hassle by making it optional in the first place.

Re:For the love of god (1)

DavidTC (10147) | more than 5 years ago | (#27557127)

I don't like auto-updates, but don't really mind if the application checks for updates. I use filehippo's update checker to do updates, but I'm okay if the program itself does it, although I turn if off whenever I can. I run filehippo's checker once a week.

But I loathe background programs that run all the time that do updates. What the hell? Is this some sort of ego thing?

No, your program is not important enough to have a background task to update it. It's probably not important enough to have a background task at all. You want it to update itself, it can wait until it's running.

Of course, what I'd really like is for Microsoft to get their fucking act together and make it trivial for third-parties to add things that show up during Windows Updates.

Re:For the love of god (0)

Anonymous Coward | more than 5 years ago | (#27557709)

Or better yet just write a fucking package manager.

Oh wait, that would put all the Installer makers out of business!

Managing Google is becoming more difficult. (2, Insightful)

Futurepower(R) (558542) | more than 5 years ago | (#27557199)

The problem is fundamentally social. Companies, and social groups in general, are always both growing socially and dying socially. In a company as well-established as Google, the challenge is to keep the processes of growth stronger than the processes of death.

More and more, Google seems to be out of control. There seems to be insufficient friendly oversight of the many initiatives inside the company. That typically occurs because everyone is busy, and because there is no one inside the company who both understands particular social processes and has the power and insight to influence them. Friendly, creative management is a lot more difficult than the average person realizes.

Of course, Google started from a very high level of excellent management. Google's management ability was initially not only in providing an excellent search engine, but also in being able to build the infrastructure necessary to serving billions of queries of a database, each in less than a second.

I'm very interested in such issues: Futurepower® [futurepower.net] .

Re:For the love of god (0)

Anonymous Coward | more than 5 years ago | (#27556129)

I second that motion!

Re:For the love of god (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#27559103)

Oh, yeah? Well, I second that *Emotion*!

Why this behviour? (1)

Midnight Thunder (17205) | more than 5 years ago | (#27557213)

Someone add a feature to turn it off completely.

Can someone remind why they did it this way again, other than for annoyance? Whatever good reason they had is probably nullified by the fact people try to remove it, because of its annoying behaviour. Please just let me know when I use the application, and not when I haven't opened the application for over a month.

On MacOS X Sparkle [andymatuschak.org] is a nice way to go about things, and something I would like to see ported to other platforms.

Re:Why this behviour? (1)

Serious Callers Only (1022605) | more than 5 years ago | (#27558883)

Exactly - all they need to make this problem go away is to adopt the rather more sane update mechanism used by other apps - check for updates on a given schedule when the app is launched - if it's out of date, inform the user, and give them a choice of what to do.

I don't care if it's open or closed source, made by Google or any other company - I don't want background processes running unless they are absolutely necessary, and this one is not.

will someone make it better? (1)

smallshot (1202439) | more than 5 years ago | (#27555865)

now that it is open source, will someone write a better version of it that gives more control to the user? Is that allowed under the license they released it under?

Finally some justification (3, Insightful)

PhasmatisApparatus (1086395) | more than 5 years ago | (#27555871)

to the "do no evil" slogan.

And of course, this goes hand-in-hand with keeping Chromium easy to use.

Re:Finally some justification (1)

Nerdfest (867930) | more than 5 years ago | (#27555919)

It could still be doing evil, but you can now find the evil yourself and remove it. Most people of course will be running supplied binaries, not compiling the code themselves, and don't know the difference anyway.

Re:Finally some justification (5, Funny)

eln (21727) | more than 5 years ago | (#27556235)

Yes, but as always happens when you open source software, a huge community will immediately spring up from the ground to fork it and start adding features to it. After a few months, that community will decide what it really needs is a ground-up rewrite. After 5 years and several hundred alpha releases, you'll be able to download the first beta of the rewritten app, which by this point will have morphed into an entire Linux distribution which, unfortunately, lacks decent software update capabilities.

Missing The Point (4, Interesting)

Blue Stone (582566) | more than 5 years ago | (#27555909)

It's not the privacy and security aspects of having Googel Update always running in the background that concerns me, it's that a process that is only needed once in a while is constantly running using up resources unnecessarily.

Adobe seems to have got it right with its latest version of Adobe Updater - only launch when an Adobe product is launched and in addition allow the user to modify the schedule. I can set Adobe Updater to never check for updates (do it manually) only once a month, or every time, but the crucial part is that it only runs when I run Photoshop (or whatever).

No need to have an updater constantly running in the background at all.

Re:Missing The Point (0)

Anonymous Coward | more than 5 years ago | (#27556049)

And it sounds like you still don't understand the concept of sleeping processes. Just because there's a process taking up a number in a process table, it doesn't mean that it's doing anything else. It won't be using any RAM because it's paged out to disc. It won't be using any processor cycles because it's sleeping. Helps to understand these things before you complain about them.

Re:Missing The Point (0)

Anonymous Coward | more than 5 years ago | (#27556137)

He's probably the kind of guy who shits his pants whenever his OS and running apps use more than 700MB of his 8GB of RAM.

Re:Missing The Point (0)

Anonymous Coward | more than 5 years ago | (#27556369)

It still clutters your "ps -a".
Really, why not run it from cron.
Why not have every program running all the time
just in case they want to do something.

Re:Missing The Point (2, Interesting)

thePowerOfGrayskull (905905) | more than 5 years ago | (#27556731)

And it sounds like you still don't understand the concept of sleeping processes. Just because there's a process taking up a number in a process table, it doesn't mean that it's doing anything else. It won't be using any RAM because it's paged out to disc. It won't be using any processor cycles because it's sleeping.

That all really depends on whether the process that you're assuming to be asleep is well-behaved.

Helps to understand these things before you complain about them.

Helps to not make assumptions about those proprietary binaries running on your system... (google update notwithstanding, since we don't know that the source they've released matches the binary we get.)

Re:Missing The Point (2, Insightful)

Anonymous Coward | more than 5 years ago | (#27556097)

There are several reasons why Google Update runs all the time that you're missing, but the crucial assumption you seem to be making is that the process is "constantly running using up resources".

Google Update was coded pretty carefully to sleep nearly all the time and have as minimal a footprint as possible. I challenge you to detect any degredation of system performance with it running, especially since its CPU and memory load is less than any of several dozen always-running services that come with the OS.

Re:Missing The Point (5, Insightful)

ultrabot (200914) | more than 5 years ago | (#27556665)

There are several reasons why Google Update runs all the time that you're missing, but the crucial assumption you seem to be making is that the process is "constantly running using up resources".

All of this handwaving is unnecessary, since the problem is "ethical" in a sense. The user does not want to have google updater running for whatever reason => the user should be able to remove it whenever he wants. I suppose the rootkit sony installed back in the day didn't consume too much resources either.

Processes that always run make admin complicated. (4, Insightful)

Futurepower(R) (558542) | more than 5 years ago | (#27557499)

MOD PARENT UP! '... the problem is "ethical" in a sense.'

Processes that run all the time make computer administration more complicated. The issue is not just one process; many, many companies want control over user's computers and believe that a system process is the way to achieve that.

Google Updater should run only when a program supplied by Google is running. Unnecessary control is always a reason for criticism, not just unnecessary control over other people's computers. Google managers must weigh whatever hidden benefits they hope to get with the widespread bad public relations that comes from being discussed on Slashdot for doing something many people don't like.

Re:Processes that always run make admin complicate (2, Interesting)

Val314 (219766) | more than 5 years ago | (#27559447)

Google Updater should run only when a program supplied by Google is running.

So think about this scenario:

A product has a security issue tha can be exploited remotely (lets say (and this is hopefully not a real exploit, but something like this could theoretically happen)

Google earth has an issue with KMZ files (buffer overflow, whatever)
user gets a kmz file
opens it
--> exploit can do its thing.

It is now useless that Google Earth would display "there is an important security update available".

therefor: it is important to patch the apps *before* opening it.

please note: that is not specific to the google updater, but every app that only checks for updates while it runs.

Re:Missing The Point (3, Insightful)

jollyreaper (513215) | more than 5 years ago | (#27556671)

There are several reasons why Google Update runs all the time that you're missing, but the crucial assumption you seem to be making is that the process is "constantly running using up resources".

Google Update was coded pretty carefully to sleep nearly all the time and have as minimal a footprint as possible. I challenge you to detect any degredation of system performance with it running, especially since its CPU and memory load is less than any of several dozen always-running services that come with the OS.

Doesn't matter. Just have it run once a week on startup like most apps do and we're fine.

As far as Windows goes, it'd be nice if third parties could register with Windows update. You install app X, it now gets to be polled on Windows update at whatever schedule you use. Update available, there you go. It'd be like what the Linux distros do with their lovely updaters.

I just hate extraneous shit that gets installed and harshes your computer's well-being. Perfect example are the shitty printer TSR's that just sit there in the corner hogging up resources waiting for you to print. Why? Unnecessary! And when you uninstall them it's like your computer gets a needle of adrenaline right in the heart, it's ten times faster than you're used to.

About only half of what sucks about Windows can be directly blamed on Microsoft. The rest of it has to be blamed on the third party apps.

Re:Missing The Point (0)

Anonymous Coward | more than 5 years ago | (#27558291)

Every little background service here and tray icon there eventually add up. You end up with clutter in your process list, services list, event log, random folders on your hard drive, tons of unnecessary registry entries and a cumulative performance/resource hit.

It's my computer and I'll use it the way I like. If Google insists that their stupid updater install itself along with every application they put out, then I won't be using any of them and I'll discourage others from using them as well.

Re:Missing The Point (1)

coryking (104614) | more than 5 years ago | (#27558375)

It is one more damn program that has to start up when I reboot (which isn't often). That slows down the startup process. It runs per-user not per-machine, which probably pisses off people running terminal server (or people who actually use the fast-user-switch stuff).

There are several reasons why Google Update runs all the time that you're missing

I cannot think a single reason. Not one. You can schedule update checks like everybody else. You can even do it hourly if you are worried about "OMG ZERO DAY EXPLOITZ!!".

Re:Missing The Point (2, Interesting)

samkass (174571) | more than 5 years ago | (#27556121)

In addition, make the installation really explicit and give me options to completely skip an upgrade and not have it bugging me all the time. Seriously, this open sourcing is just a red herring. The real issues are how Google is using it, not what the tool is specifically doing.

you're missing the point, too (1)

speedtux (1307149) | more than 5 years ago | (#27557305)

Adobe seems to have got it right with its latest version of Adobe Updater - only launch when an Adobe product is launched

No, that's not right either. What Windows and OS X really need is a decent package and dependency management system like, oh, Linux has had for more than a decade.

Re:Adobe Updater (1)

twmcneil (942300) | more than 5 years ago | (#27558733)

Adobe seems to have got it right with its latest version ...

I accidentally spit my coffee when I read that! Dude, you owe me a keyboard.

Would rather they fix it instead. (2, Interesting)

ssjx (1235532) | more than 5 years ago | (#27555917)

"Unfortunately, the service has many bugs, it can't be disabled unless you uninstall all the applications that use it and there are some privacy issues"

I would prefer it if they fixed Google Update instead of releasing the source. Making it optional and easy to remove would be a good start. Amazingly Apple Update works better and most Apple software on windows, besides Safari, is lousy...

Re:Would rather they fix it instead. (2, Insightful)

FrostDust (1009075) | more than 5 years ago | (#27555995)

I would prefer it if they fixed Google Update instead of releasing the source.

Thanks to the source release, you now have more than just one "they" to look at.

Re:Would rather they fix it instead. (1)

pete-wilko (628329) | more than 5 years ago | (#27556363)

Hahahahahahahahahaha..... ahh that's the funniest thing i've read today.

Wait, you're being serious? This is the apple updater that runs in the background, dumped me out of Trackmania when I was on a hotlap and asked me if I wanted to update iTunes and install Safari even though I had neither ran iTunes or installed Safari? Btw I absolutely HATE that about the apple updater, already had one machine get a copy of safari due to 'click ok' numbness.

Maybe it's better on mac, on XP its a nightmare.

This is not a solution. (-1)

Anonymous Coward | more than 5 years ago | (#27555925)

The Italians can still use Google to attack America, regardless of the source of the code. We need to stop fooling ourselves into complacency about the Italian menace, and Google's silence on this matter is complicity in my book.

Italians are censoring me. (0)

Anonymous Coward | more than 5 years ago | (#27557553)

America, wake up!

and in the distance (1, Redundant)

nimbius (983462) | more than 5 years ago | (#27555947)

a chair could be heard, sailing gracefully across the redmond campus.

burying your competitor certainly takes alot of dirt these days.

Jamie (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27555973)

I've always thought Jamie was pretty cute chick, what do you guys think?

Logical? (1)

jrothwell97 (968062) | more than 5 years ago | (#27556043)

And Google made the logically obvious conclusion that releasing the source code would alleviate those concerns.

I knew it. Eric Schmidt is Spock's love child... how he managed to hide the ears and eyebrows for this long, though, I don't know.

how to remove googleupdate.exe? (1)

societyofrobots (1396043) | more than 5 years ago | (#27556061)

I can't seem to figure out how to remove it. I tried the Google Updater Service via Control Panel\Administrative Tools\Services\local method and it says disabled . . . I removed it from the list of startup programs in my registry. I'm not running any Google software. But restarting my PC it somehow reloads itself and finds its way into my running programs. Simply using task manager to kill it doesn't even work.

The only solution I can find is tell my firewall to permanently ban it from using my internet connection.

Re:how to remove googleupdate.exe? (1, Informative)

Anonymous Coward | more than 5 years ago | (#27556343)

Find the service name in the Windows Service Browser (find googleupdate in the service list and double-click. It'll be named googleupdate followed by a bunch of random characters). Open a DOS prompt.
Enter this command: INSTSRV REMOVE
That will delete the service, then you can delete the GoogleUpdate folder from your Program Files.

This will work for any other unwanted service as well.

Re:how to remove googleupdate.exe? (2, Informative)

jerwinch (1531239) | more than 5 years ago | (#27556509)

Find the service name in the Windows Service Browser (find googleupdate in the service list and double-click. It'll be named googleupdate followed by a bunch of random characters). Open a DOS prompt. Enter this command: INSTSRV REMOVE That will delete the service, then you can delete the GoogleUpdate folder from your Program Files.

This will work for any other unwanted service as well.

The command is:
INSTSRV servicename REMOVE

Wrong solution - why do we need it? (3, Insightful)

Bearhouse (1034238) | more than 5 years ago | (#27556211)

Why do we need GoogleUpdater anyway?
OK, you could make a case that security updates, especially for 'critical' apps like Chrome, should be 'pushed', but what's wrong with doing that the way other people do, namely checking for an update when you run the program?

Re:Wrong solution - why do we need it? (1)

morgan_greywolf (835522) | more than 5 years ago | (#27556635)

Why do we need GoogleUpdater anyway?

We don't. On Linux and other Unixes, we have things like APT and Synaptic, which, when combined with the software updater interface used in Ubuntu, does just fine checking for updates at specific intervals, etc.

There are also several open source software installers that can be easily extended using already existing scriptability to do updating on Windows (NSIS and Loki Installer are two such examples).

I think Google's main point in open sourcing Google Updater was just to be more transparent.

Re:Wrong solution - why do we need it? (2, Interesting)

0xABADC0DA (867955) | more than 5 years ago | (#27558293)

Because if you install chrome and use it only once, with a background service google still gets regular update checks from your IP address.

Using timestamps or unique IDs or other anonymous usage data they can then group your site accesses into a unique profile. Even if they can't map it to a specific user they get an anonymous profile from it, so they know the site access information they gather in other ways is from the same user instead of multiple users.

Re:Wrong solution - why do we need it? (1)

Val314 (219766) | more than 5 years ago | (#27559481)

Why do we need GoogleUpdater anyway?
OK, you could make a case that security updates, especially for 'critical' apps like Chrome, should be 'pushed', but what's wrong with doing that the way other people do, namely checking for an update when you run the program?

checking for a security update when the app is already running can be to late, see my other post [slashdot.org] .

A Bad Idea Made Worse (5, Insightful)

InklingBooks (687623) | more than 5 years ago | (#27556457)

I'd agree with Bluestone's remarks and add some of my own.

First, an always running updater is a security hole of the first order. Gain access to it, and someone malicious could do anything it could do, meaning alter applications without our knowledge.

Second, there's in this the now-typical Google 'we rule the world' attitude in this--much like that at Microsoft fifteen years ago. Why should Goggle applications has an always running updater while other don't? Not even Apple makes that sort of demands and OS X is one heck of a lot more important to a Mac than anything Google might do.

Third, CmdrTaco is being naive if he thinks open sourcing an abomination leads to the "obvious conclusion" that it's to be trusted. He forgets that the danger lies in the code that's being downloaded, not the code that is doing the downloading. It's the idea itself that's bad not the implementation.

Finally, what does Google intend this open sourcing to do? Do they want every application on our computer to have an auto-update-without-asking running continually in the background? Bad as what Google is doing, that'd be an even worse horror. And like Google, they're not likely to tell us what they're doing.

I believe it was the philosopher Kant who offered as a moral test the question, "What would the world be like if everyone did this?" One person lying doesn't usually do much harm. Everyone lying would make life almost unbearable.

Having every application behaving like Google's would be an utter disaster. Open-sourcing Google's code makes as much sense as marketing a "Do It Yourself A-Bomb Kit" in the Middle East. The malicious genie is out of the bottle. Now we have to consider the possibility that every obscure application we download contains Google's dastardly code. A seemingly benign application could mutate on command into a monster. And because it spreads any time we're online, it could spread like wildfire. Google doesn't even seem to have been thinking when they came up with open-sourcing their monster.

What the Greeks called hubris, overweening pride, has struck again. Google has replaced Microsoft as the giant, high-tech business that seems most clueless about the distinction between good and evil, sensible and foolish. They censored the Internet for China, they claimed to own every book not in print, and now they want to determine what's on our computers without our consent and without our knowledge.

Re:A Bad Idea Made Worse (2, Informative)

thePowerOfGrayskull (905905) | more than 5 years ago | (#27556845)

Second, there's in this the now-typical Google 'we rule the world' attitude in this--much like that at Microsoft fifteen years ago. Why should Goggle applications has an always running updater while other don't? Not even Apple makes that sort of demands and OS X is one heck of a lot more important to a Mac than anything Google might do.

Wait, what?

I don't know about OS X, but apple products on Windows absolutely demand this and a lot more. After installing itunes, I found I had "iTunesHelper.exe", "mDNSResponder.exe" and "iTunesService.exe", and the quicktime launcher always running in the background. When I disable them they come back every time I run iTunes (save the qt launcher) - and stay running after itunes is closed.

When I update iTunes, quicktime takes over all of my browser preferences again which means I have to spend time reverting them. Not to mention reinstalling its always-running launcher and updater. Every. Fscking. Time.

So when looking for an example of companies that don't "demand" to have their apps running, you'll want a better example than Apple.

Re:A Bad Idea Made Worse (1)

J_DarkElf (602111) | more than 5 years ago | (#27558409)

Don't forget about the Apple Software Updater, which is installed even if you opt-out during the install of whatever software (ie iTunes or Quicktime) you're installing!
At least this can be uninstalled again.

Java also insists on installing an always-running update service, with no easy way to disable.

Are there others -- outside of antivirus vendors, one of the few examples where an always-running updater makes sense?

Re:A Bad Idea Made Worse (1)

Yogiz (1123127) | more than 5 years ago | (#27556931)

Or maybe someone will just use the given source code and fix the updater so it doesn't do that kind of thing anymore and Google will accept it back. Why the drama?

If (YouDo==True) Then {Damned} Else {Damned}; (1)

Junior J. Junior III (192702) | more than 5 years ago | (#27557745)

the danger lies in the code that's being downloaded, not the code that is doing the downloading.

There's also the danger in the code that's already running, and needs to be replaced because it has a security vulnerability?

It was the fictional AI Joshua who said "The only way to win is not to play."

I don't really care for the particulars of google's update service, but I have yet to actually get burned by it.

I'd prefer it if they had something set up where it alerts you if there's an update available, tells you what it is and why you should consider installing it if you're curious, and then allows you to download and install it, postpone installing for a user-defined period, at which point you get prompted again, or declines the update forever.

Re:A Bad Idea Made Worse (1)

aarmenaa (712174) | more than 5 years ago | (#27557825)

I believe it was the philosopher Kant who offered as a moral test the question, "What would the world be like if everyone did this?"

It's not a hypothetical question when it comes to auto updaters. Look at your average Windows box and you'll see that there's quite a few of these, and they're typically annoying and consuming far more resources than is called for. Off the top of my head, I know I have to kill the one that comes with Java regularly. Google's is nigh impossible to keep gone. Apple's Quicktime updater is common as well. HP's fond of cramming one in their hundreds-of-megs-of-god-knows-what printer drivers. Far too many Windows applications leave things running in the background. Even OpenOffice installs a damn quickstarter app. Installed a recent version of Nero lately? The newer versions absolutely rape your computer.

It's getting to be a problem to the point where in addition to removing all the malware I kill most of these background processes, and I'm not sure which one improves the performance more. It wouldn't be such a problem except Windows gives programs a thousand ways to start up at boot, hidden, with no UI to control it. Is it a service? A shell extension? Or a registry entry? In the Startup section of the boot menu? Time to whip out regedit and third party apps, because Windows in no way consolidates any of this, and some it is just flat out hidden from the user. When people say Windows is hard to administer, this is a good example of what's being talked about.

Re:A Bad Idea Made Worse (1)

noidentity (188756) | more than 5 years ago | (#27558661)

I believe it was the philosopher Kant who offered as a moral test the question, "What would the world be like if everyone did this?" One person lying doesn't usually do much harm. Everyone lying would make life almost unbearable.

Actually, if everyone lied all the time, you would just negate the meaning of what anyone said.

Run... yet more google source (0)

Anonymous Coward | more than 5 years ago | (#27556477)

I was thinking it would be interesting if we could turn this into a windows package manager so I go and look at the code.

certificate-with-private-key.pfx, certificate-without-private-key.cer

You know, I can't even be bothered thinking through what these are. Perhaps when I'm done recoiling in horror that the Chrome source drop wasn't a bad example and Google engineers really do routinely maintain binaries in svn.

Pfft (0)

Anonymous Coward | more than 5 years ago | (#27556479)

I wouldn't be impressed until Google open sources its' search engine infrastructure.

Anybody can write an updater program. Slashdot is making this popular only because Google is doing it. Zillions of such programs are already open source. And they work on more platforms.

This article is useless. This shows that Slashdot is sucking Google's dick. Nothing more.

Re:Pfft (3, Interesting)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#27556711)

You appear to have missed the point by several hundred yards. Google isn't open sourcing this because its updater is OMG hotness! technology, nor does anybody particularly care about the prosaic details of yet another updater. They are releasing it to alleviate customer concerns about what is running on their machines, a somewhat rarer and more interesting move.

This isn't a story about "Software X added to supply of OSS, hurrah!" this is "Company Y uses OSS as disclosure strategy", which is modestly novel.

Re:Pfft (0)

Anonymous Coward | more than 5 years ago | (#27556977)

It doesn't make this article newsworthy. If anybody really wanted to find out what Google updater did, they would do it BEFORE they ran one instance. And even if they did run it, they'd monitor all HTTP requests and/or run a system call tracing tool to make sure Google isn't evil.

People aren't living in the stone age today, you know. Anyway: it may makes sense from your point of view. But it's not Slashdot's. Slashdot are just plain stupid.

Re:Pfft (1)

DavidTC (10147) | more than 5 years ago | (#27557221)

And modestly stupid, as people don't want to 'know' what google updater is doing, they just want to turn it the fuck off.

And it's damn stupid for disclosure, because if you think google is doing something dastardly with google update, they could have just, duh, release source with that part missing.

Not that I'm entirely sure why people would be running Google applications if they didn't trust google not to do bad things to the computer.

Common autoupdate (1)

rjungbeck (1038398) | more than 5 years ago | (#27557035)

If I loook on my notebook I find Windows Update, Google Update, EA update together with application integrated autoupdaters (Firefox, Thunderbird, Acrobat Reader, Skype) running. I'm sure there a others, I don't even know about.

If Microsoft had implemented auto update as an simple open operating system feature (which could be used by other software vendors), nobody would need a private update service running all time. Your application would just need to register an autoupdate URL during installation and all updates (OS, applications, drivers) could be handled by a single (hopefully secure) update mechanism. If were a standard OS feature, nobody will bother building proprietary updaters and MS could further reduce TCO by providing enterprise wide policy control (so that a company could enable a specific update or not).

Maybe an open source autoupdater is a first step into that direction (although it would require encouraging others to use a common autoupdate).

Oh brother... (1)

Touvan (868256) | more than 5 years ago | (#27557231)

This is the same problem with voting machines. Google has release source codes they claim they used to create the code running on your machine. There is no way to verify that, so this is not reassuring in the slightest, unless you don't know how software works. I think it's great that Google did this, and I have no reason to cite to distrust their intentions here - but this is false assurance at it's best.

So build your own updater. (1)

argent (18001) | more than 5 years ago | (#27557435)

Build your own updater, or wait for someone to do that, to replace Google's version. There's only one copy of Google Updater running on your computer.

Malware (5, Insightful)

S77IM (1371931) | more than 5 years ago | (#27557323)

Google Update installs itself without my permission, runs without notifying me, and is difficult to disable and uninstall. This fits my definition of malware. I'd like to have an option for my anti-virus and anti-malware software to start detecting and destroying programs like these.

  -- 77IM

Re:Malware (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27557979)

(Anon to protect modding) As someone who worked for an anti-virus company for more than a decade, I can tell you that the categorization as MALware requires some specific MALicious action on the part of the software. In fact, we looked at GoogleUpdate.exe quite explicitly, and despite the traits you mention, it did nothing malicious... so we classified it as not malware...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>