Feeds

Google throws secret auto-updater to open sorcerers

Bloody Omaha privacy breach

HP ProLiant Gen8: Integrated lifecycle automation

Google has thrown a little-known but controversial part of its web services code to open sorcerers to prove to skeptics there's nothing funny going on under the covers. Oh, it also wants to give third parties a peek at what's going on inside your system, too.

The Mountain-View chocolate factory has released the code of Google Update under an Apache 2.0 open source license. Newly-transparent Google Update, now referred to as Omaha, was pushed into the wild late Friday while everyone was busy being fitted for Easter bonnets.

If you've got Google software on your Windows box like Chrome, Gears and Google Earth, then you've got GoogleUpdate.exe running in the background silently downloading product updates and beaming home certain use data back to Google.

As a central auto-updater for such applications it may be handy, but unfortunately GoogleUpdate is always on, can't be uninstalled unless every single Google apps is removed first, and until now, we've had to take Google's word that it's only sending innocuous user and system data back to Google's servers.

That’s left people angry at this violation of privacy, and seen others temporarily turn off the process for a few hours at a time using the simple CTRL + ALT + DEL.

Obviously, that impedes the ability of services from the Chocolate factory to keep feeding back into the systems at the Googleplex.

According to the Google Open Source blog:

Since Google Update is always running on your system, there's no simple way to stop it, and since it's a fundamental part of the Google software that needs it, it's not explicitly installed. Some users can be surprised to find this program running, and at Google, we don't like disappointing our users. We've been working hard to address these concerns, and releasing the source code for Omaha is our attempt to make the purpose of Google Update totally transparent. Obviously, we understand that not everyone is both willing and able to read through our code, but we hope that those of you who do will confirm for the rest that Google Update's functionality serves well to keep your software up to date.

Google said its secondary motivation for opening the auto-installer is to encourage developers to use the code and integrate it with their own products.

Supposedly, the outcome could be Omaha catching on as some sort of generic package manager for Windows. Yet while the shift to open source may stymie concerns Google is collecting more information with GoogleUpdate.exe than it discloses, it doesn't yet solve the software's other notable issues.

Google still doesn't inform users about the updater, and there's currently no option to make it ask before downloading updates. It's also constantly running in the background, using Window's task schedule every few hours only as a way to make sure the process hasn't been killed.

Which might explain why Google chose to put out this news over the Easter weekend, when people’s minds were turning to other types of chocolate.

While GoogleUpdate itself may not take a big chuck out of a computer's resources - it seems every big software company feels its necessary to have their own updater running in the background. Collectively, it bogs down a system. Omaha could help merge a few smaller software developers into a single update platform, but it's extremely unlikely a major player would take the bait.

Hopefully Google follows through with making the GoogleUpdate process less of a surprise to the average person. There is such a thing as simplicity without making the user give up all control.

Omaha's source code along with developer instructions are provided at the project's Google Code repository. ®

Top three mobile application threats

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.