/build/static/layout/Breadcrumb_cap_w.png

MSI Packaging: Allowing Applications to AutoUpdate

As  a packager, I was always taught that allowing applications to AUTOUPDATE was generally discouraged as it limited the control of the IT Desks to properly control the applications that are deployed to users desks

One of our 3rd party counter parties keeps pestering us about allowing this and our Application support team is willing to perhaps make an exception to the rule. Aside from the loss of deployment control (which the App support team accepts the responsibility for) is there anything else that might make this is a bad idea?
Asked 9 years ago 2277 views
3 Comments   [ + ] Show comments
  • I can think of following issues at the moment :

    1. License Issue .
    2. Uninstall or Upgradation issue. - rock_star 9 years ago
  • It could possibly, in a small number of instances, delete work. - alphabeta 9 years ago
  • Do your users have local admin rights? If the app is installed in the usual location, they're going to need them.

    Besides, vendors don't have an exactly unblemished record in screwing up their deployments.

    AVOID! AVOID! AVOID! - anonymous_9363 9 years ago

Answers (3)

Answer Summary:
Posted by: Badger 9 years ago
Red Belt
1

what is the mechanism to the update??? It will involve your machines reaching out the their machines, or worse, their machines reaching into yours....

How would it be controlled, will it work if users are using the application???

Is there a backend?? could an upgrade mean a backend upgrade, who would be in charge of controlling when to upgrade the backend and heaven forbid, testing/implementing a roll back if needed???

 

Posted by: MacDude 9 years ago
Fifth Degree Brown Belt
1
imagine that you do this with JAVA and then a new release is out and it is getting updated in your computing environment and it breaks critical workflow. 

Using auto-updaters does not allow you to test the upgrade in your computing environment. 

Trust and Verify.  Say no to auto-updaters. 
Posted by: EdT 9 years ago
Red Belt
0
The most important issue is whether a standard (non-admin) user account has sufficient privileges to allow an update to be installed.  If not, you are going to need to open up permissions in the file system and/or registry to allow standard users to autoupdate, and this creates a security issue.  Alternatively, some vendors install an update service that has the rights to update the app, but technically drives a big hole in your desktop security that you have no control over.
So before you decide, find out exactly how the autoupdate mechanism operates and what the security issues might be if you allow autoupdate.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ