Feeds

Google throws secret auto-updater to open sorcerers

Bloody Omaha privacy breach

Boost IT visibility and business value

Google has thrown a little-known but controversial part of its web services code to open sorcerers to prove to skeptics there's nothing funny going on under the covers. Oh, it also wants to give third parties a peek at what's going on inside your system, too.

The Mountain-View chocolate factory has released the code of Google Update under an Apache 2.0 open source license. Newly-transparent Google Update, now referred to as Omaha, was pushed into the wild late Friday while everyone was busy being fitted for Easter bonnets.

If you've got Google software on your Windows box like Chrome, Gears and Google Earth, then you've got GoogleUpdate.exe running in the background silently downloading product updates and beaming home certain use data back to Google.

As a central auto-updater for such applications it may be handy, but unfortunately GoogleUpdate is always on, can't be uninstalled unless every single Google apps is removed first, and until now, we've had to take Google's word that it's only sending innocuous user and system data back to Google's servers.

That’s left people angry at this violation of privacy, and seen others temporarily turn off the process for a few hours at a time using the simple CTRL + ALT + DEL.

Obviously, that impedes the ability of services from the Chocolate factory to keep feeding back into the systems at the Googleplex.

According to the Google Open Source blog:

Since Google Update is always running on your system, there's no simple way to stop it, and since it's a fundamental part of the Google software that needs it, it's not explicitly installed. Some users can be surprised to find this program running, and at Google, we don't like disappointing our users. We've been working hard to address these concerns, and releasing the source code for Omaha is our attempt to make the purpose of Google Update totally transparent. Obviously, we understand that not everyone is both willing and able to read through our code, but we hope that those of you who do will confirm for the rest that Google Update's functionality serves well to keep your software up to date.

Google said its secondary motivation for opening the auto-installer is to encourage developers to use the code and integrate it with their own products.

Supposedly, the outcome could be Omaha catching on as some sort of generic package manager for Windows. Yet while the shift to open source may stymie concerns Google is collecting more information with GoogleUpdate.exe than it discloses, it doesn't yet solve the software's other notable issues.

Google still doesn't inform users about the updater, and there's currently no option to make it ask before downloading updates. It's also constantly running in the background, using Window's task schedule every few hours only as a way to make sure the process hasn't been killed.

Which might explain why Google chose to put out this news over the Easter weekend, when people’s minds were turning to other types of chocolate.

While GoogleUpdate itself may not take a big chuck out of a computer's resources - it seems every big software company feels its necessary to have their own updater running in the background. Collectively, it bogs down a system. Omaha could help merge a few smaller software developers into a single update platform, but it's extremely unlikely a major player would take the bait.

Hopefully Google follows through with making the GoogleUpdate process less of a surprise to the average person. There is such a thing as simplicity without making the user give up all control.

Omaha's source code along with developer instructions are provided at the project's Google Code repository. ®

Boost IT visibility and business value

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Intel's Raspberry Pi rival Galileo can now run Windows
Behold the Internet of Things. Wintel Things
Linux Foundation says many Linux admins and engineers are certifiable
Floats exam program to help IT employers lock up talent
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.