Software vendors are increasingly adopting supplier-push, rather than customer-pull, approaches for distributing their applications and software updates. Is this I.T. trend a desirable one, or should we have reservations about it?
I am divided in my opinion on this topic. There are valid scenarios for preferring one option over the other. One of the best examples I found that can shed a little bit of light on this, is a comparison of automated updates for a software solution hosted in Cloud vs. On-Premise.
Software hosted in Cloud
In this scenario we will look at the web solution hosted in cloud (think of Gmail).
I believe that allowing customers to update their software at their own discretion (on any date and at any time) would be hugely ineffective for a web app. This is mostly because such a process would become inherently more expensive and less secure in comparison to running only the most recent version of the software.
Why more expensive?
The cloud vendor would primarily face a use-case in which they may have to support all of the software versions ever created. This would result in the overall increase of the operating costs. Not only this would fuel the need to create the infrastructure that is capable of application versioning. The costs would also increase on a support client side, due to need to provide a qualified support to customers who opted-out from software updates and for various reasons want to operate on an older software version.
Why less secure?
Unless the different versions of the same software were kept in a completely segregated and sandboxed environments, we would see the increased likelihood of security risks impacting rest of the client base, inadvertently caused by vendor’s inability to control the time of customer upgrades.
There is a good case for keeping cloud-based applications up to date, and the main reason is the security. The following are the two of the most recent exploits of Gmail which had to be promptly resolved by Google by patching the Gmail application.
– The Wired Magazine (November 2016) report: “Oren Hafif says that he found and helped fix a bug in Google’s Gmail service that could have been used to extract millions of Gmail addresses, if not all of them, in a matter of days or weeks. The trick would not have exposed passwords, but could have left accounts open to spam, phishing, or password-guessing attacks. The exploit involved a lesser-known account-sharing feature of Gmail that allows a user to “delegate” access to their account.” (Greenberg, 2014)
– Softpedia’s editor Catalin Cimpanu reported in July 2016, that “some of Gmail’s security features that are responsible for detecting malicious macros can be bypassed just by splitting “trigger words” in half or across rows, security researchers from SecureState have discovered.” (Cimpanu, 2016)
As we can see, in most cases it’s cheaper and more secure for the software vendor to remain in control of the application update process, which can be executed in a completely unobtrusive way, thus eliminate the hassle of installing and updating the product.
Software hosted On-Premise
For this scenario, let’s pretend we’re using a Windows based application installed on a desktop workstation.
As the software solution is hosted on customer’s infrastructure, the end customer should remain in control of the best time to upgrade in order. An automated update, in this case, could potentially create the negative impact on the workflow of an entire enterprise.
In applications hosted on-premise, the software vendor is not in control of the environment and aside from mandatory updates, it’s likely more beneficial and less risky to allow the customer to control the update frequency.
Ideally the best solution to handle the update process is “to offer procedures to update software online only with notice and execute the update after obtaining consent of the user, without exceeding or abusing their consent, in a transparent way and without allowing unchecked access to the user’s computer” (Garante per la protezione dei dati personali, 2004)
The fundamental problem with automated updates is the increasing worldwide trend of nontransparent update techniques, where the customer is completely unaware of updates and the functionality that is being introduced into the system. The software vendor can easily create an intermediate version of the software, which collects personal client data, later followed by a regular version update that excludes such intrusive practices.
On the other hand, leaving update process fully in customer’s hands, can create a variety of issues that aren’t easily controlled.
I will conclude by saying that ultimately I am always a proponent of freedom to choose from more than one option, however, as we can see, sometimes it’s not economical, nor practical to insist on having the choice available.
Rascuache (2016) Bypassing malicious Macros signatures in Email. Available at: https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/#tabs2 (Accessed: 17 August 2016).
Cimpanu, C. (2016) Gmail security filters can be bypassed just by splitting a word in Two. Available at: http://news.softpedia.com/news/gmail-security-filters-can-be-bypassed-just-by-splitting-a-word-in-two-506447.shtml (Accessed: 17 August 2016).
Greenberg, A. (2014) Gmail bug could have exposed every user’s address. Available at: https://www.wired.com/2014/06/gmail-bug-could-have-exposed-every-users-address/ (Accessed: 17 August 2016).
Automatic software update – deep freeze cloud (2016) Available at: http://www.faronics.com/deep-freeze-cloud-automatic-software-update/ (Accessed: 17 August 2016).
2003 A5 (2003) Available at: http://privacyconference2011.org/htmls/adoptedResolutions/2003_Sidney/2003_A5.pdf (Accessed: 17 August 2016).
Garante per la protezione dei dati personali (2004) Available at: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1049635 (Accessed: 17 August 2016).