Seems with the new toolbar going from beta to final they decided to push it onto all desktops.
Don't do this Google! Huge no-no! Can't you see all the flak Microsoft is taking for their automatic system update proposal? Don't touch my system without a warning and the ability to opt-out!
I was so surprised a company like Google would do an action like that. Very un-Google like.
I liked the old toolbar and I don't need any features in the new one. The old toolbar had a more compact layout since the search web button was integrated.
Now I have to rip out the v2 and reinstall the old one while blocking the auto-update.
Your friend came over to your house, and you invited him in, and when he walked in he said he might change the channel on your TV, and when he does change it you start complaining about him? It's baffling how people can take no responsibility for their actions. YOU installed the toolbar. The Pope didn't sneak into your house and do it. They tell you it auto-updates. Delete it if you didn't pay attention and don't want that. Craziest thread of the year.
Anyway...
Security Issue
A few things I found out about auto-update.
1. March 1999
It was discovered that Macromedia has created a huge security risk to its Mac users through the 'optional' auto update feature which periodically checks the Macromedia download site for the latest revision of Shockwave.
If it needs an update, the software reports back to Macromedia the Shockwave sites users have visited.
But in cases where Web sites use password validation in their addresses, this information - which can include the passwords, as well as data about secure Web sites, even those behind a firewall, and hard disk information - is passed back to Macromedia.
2. June 2003
Symantec under fire for bugs, flaws
...customers using Symantec AntiVirus Corporate Edition reported that an 'automated' antivirus definition update from the security company caused the antivirus software to fail,...
Furthermore...
Attackers who have a copy of the flawed ActiveX code with a valid digital signature could trick Microsoft Windows systems into accepting the control, opening that system to attack even if it did not already have the faulty component installed,...
Macromedia and Symantec have acknowledged the security hole that their 'auto-update' has created and have taken steps to prevent exploitation of these bugs.
Of course we also heard the infamous 'windows auto update' exploit.
All this has been fixed BUT it's always after the fact and the damage has already been done.
So, what's to prevent somebody exploiting this backdoor in my computer that Google has left open because the auto-update passes through my firewall and my anti-virus? I bet somebody is looking into this already and it's not only Google.
--------------
Quote from the net
This is the primary objection to auto-update - it is fundamentally insecure with a development process lacking security controls. The second is basic trust.
--------------
Further reading
The Risk of Programs That Update Automatically [schram.net] Read it, maybe this will wake you up as to what Google is doing.
So, play with fire at your own risk.
--------------
and Steve, I hope your friends are as nice as me :)
Cheers
Today I turned my sleeping toolbar on to check out some pages and it went through the auto update process. No big deal, and when I was done with it I unchecked the Google toolbar from the toolbar menu and voilà... another toolbar disappears. Uncheck the other toolbar and Google disappears. After playing around with this and rebooting, the problem was still there.
Bye bye Google toolbar old friend it was fun while it lasted. No more little green lines for me if it means spending ANY time at all repairing my main machine.
It was an obvious, conscious, technically informed, and more-than-likely a hotly debated policy within Google mgt to automatically update the toolbar. This is not something that happens by accident or because it was a good idea at 3am when it was programmed.
All of us who patched our computers are suffering because of all of those who didn't. Maybe THAT (general issue) is what Google considered when making the choice to auto-update.
That said, I do agree with others who have (politely) urged Google to offer better disclosure and more options. As I noted earlier, when there's a CRITICAL toolbar update available, a good compromise from Google would be insisting that toolbar users either upgrade OR disable their toolbar. This'd be win-win; there'd be no active toolbars vulnerable to any future exploits... and users would have an option.
For those that keep using the "don't install it then" logic, remember that it is the ONLY way to get the current pagerank on most sites. Some of us do SEO work from time to time around here ;)
The larger issue, and the real weakness with the "don't install it" logic, is that we're not just talking about our own little lives here. (Are we?) The toolbar is already installed on millions of computers whose novice owners have no idea it's going out and bulking itself up every now and then. If they did know, most of them wouldn't care, but many of them *would* care, and therefore everyone should know.
Putting it in the FAQ/privacy page just isn't nearly enough. Gator uses the same defense to claim that their users have "opted in to receive targeted offers". But Gator is slime.
I have a question for you. If, in order to secure world domination, Google wants everyone to use the toolbar so much, why did they destroy the attractiveness of PageRank, their number one toolbar marketing machine? Perhaps they were just double slying the people watching Google to put them off the scent?