Had a little discussion last night that got me wondering, so I thought I’d post the question.
How does your company update products that offer in built-in updating functionality, like Firefox? Do you leave the functionality enabled and let the applications developer push updates to your desktop, or do you disable auto-update (I think
app.update.enabled can be used to disable it in Mozilla products) and update via group policy or whatever method your company uses.
If anyone is able to comment (I know some IT Dept’s are very secretive) that would be great. Especially helpful if you can comment at least on the size of your organization and what method is used with apps that have the ability to auto-update. Especially if you deploy Firefox or Thunderbird in your organization. Leave a comment or feel free to email me if it’s not something you can post publicly.
From the way I see it, both have advantages and disadvantages:
- No intervention by IT to keep product up to date.
- No special servers, or configs to maintain.
- Prompt updates.
- No ability to test update before it’s live.
- Rely on developer to keep server secure.
- Bandwidth consumption on WAN (download from source for each workstation, rather than just on the LAN).
- Ability to test updates for things like extension compatibility, and with intranet applications.
- Feeling of control over workstations.
- Less bandwidth consumption on WAN.
- Requires IT keep close eye on releases.
- Delay can be a danger during 0 day exploits.
- Infrastructure may be needed.