Nope, annoying forced update stuff goes in my trash. Already said bye bye to Windows for this reason. If your thing is gonna update itself, it can't disrupt me or make itself worse.
There should always be an option to turn off automatic updates (unless we are talking about a corporate network), but the option should be opt-in and require some initiative on the part of the user. If the option is presented together with a prompt to update, users will simply turn it off without knowing what they are doing.
If it is in an options menu, power users can choose to turn it off, but normal users will probably never find the option.
I agree for most software in general. Mac updates are auto by default iirc, and that's good. Just not Chrome extensions. The risk of attacks by the owner seems much higher than the risk of attacks by websites on outdated extensions.
And the problem with Windows is you can't really turn minor updates off, they require reboots, it nags you a ton about major ones, and the updates basically just make it worse.
I don't think manual updates would solve this security problem. The new owner would just have to delay the activation of the malicious parts of the software. No one is going to check the binary of an extension or try to replicate it if it is open source.
It's strange that Windows updates are still such a big problem, and I'm not talking about the ones caused by Microsoft's greed. Even Linux systems, which for a long time were pretty user-unfriendly, have largely managed to make updates seamless. I have automatic updates turned on on my computer, and the only indication is that once in a blue moon I can't turn the system off for a minute while it's running an update.
It wouldn't solve it, but at least an update couldn't get instantly pushed and run by all users. These extensions are JS rather than compiled binaries, so they're not too hard to inspect (and if the code is intentionally obfuscated rather than just minified, you know something is up).
If you want to limit the initial impact of a malicious extension, a mandatory hold or slow rollout would be more appropriate. There is no need to bother normal users if they would never inspect the code anyway. If some users want to inspect it first, they can go into the options and turn off automatic updates. Fixes for serious vulnerabilities that require immediate rollout are much rarer and often small, and could be reviewed by the extension store team.
I mean linux updates are everything but seamless, it highly depends on your exact config and distro, certain hardware configs break every single kernel version, hell even Nvidia would break they drivers super often not even that long ago. Smaller vendors with closed source drivers were even worse. Software just breaks sometimes no matter the amount of testing that you do. It's better just just accept that and deal with it when it comes up.
And in my experience (mostly server linux, client Windows/macOS) the worst updates are still macOS, they take for ever to install. Linux and Windows seem to at least install quickly, like a full upgrade takes less than 20 minutes on both, while a minor release for macOS will make my MacBook try to lift off like a jet engine for 45 minutes.
so when one software company does it to you it's good you say but when a different outfit does it goes in the trash. nice consistency you got there, bud.
Apple doesn't force the updates, Microsoft does. You can turn off automatic Mac updates, and even the automatic ones won't force reboot your machine while you have stuff open. And you aren't greeted with a "please switch to Safari" modal when it boots back up.
What's true about both is the updates require a reboot and take way longer than they should.
I mean macOS will spring the "Your computer will reboot within 60s" with the count down on you, if you don't watch out. And the "Reopen" feature only barely works.
