

The recently released desktop app Google Earth 5 contained a little surprise for many Mac OS X users — it installed Google's automated Update Engine without clearly asking.

Worse, the latest version of Google Earth won't work without the Update Engine running in the background.

We mentioned the new update policy in our initial review, but given Google's lack of transparency, or what users perceive as a lack of transparency about the update, it bears a closer look.

Sneaking an auto-updater into a software package without clearly pointing it out during the installation process is a bad idea, one that Google has promised to change with a new, more informative splash screen. But, offering no way to turn the update software off is downright evil, according to many upset users in the Google Earth Group.

Most of us have dozens of applications installed on our PCs, many of which check for updates when the application is active. So why does the Google Updater have to run all the time in the background?

Wil Shipley, a longtime Mac developer and author of the award-winning Delicious Library, says, "This is a classic case of designing like a computer scientist instead of like a user: 'Well, it seems cleaner architecturally for us to have a central update server, instead of the same update module in each program the user runs!'"

Shipley goes on to point out that "anything running in the background is a potential security risk." Shipley's own Delicious Library checks for updates when it launches, a system he calls "ideal."

A spokesperson for software maker Adobe confirmed the company's Creative Suite 4 also has no need for an always-running updater. Instead, Adobe's apps rely on a standalone updater that runs each time you launch one of the Creative Suite applications, like Photoshop or Illustrator.

Google is relatively new to the desktop software game, particularly the Mac side. And, despite plenty of best practice examples from those who came before, the company is repeating the same amateur mistakes that most desktop software makers have long since abandoned.

Here are a few reasons why an always-active daemon (software speak for a tiny app that runs in the background) for handling software updates is a bad idea:

It opens up an always-on tunnel to Google. While Google may be confident its update servers will never be compromised, how confident are you? If a third party gains control of that server, it can inject nearly any code it wants into your machine. It’s always on, always looking for update. On an expensive, pay-by-the-megabyte EVDO network? Google Updater doesn’t care and will suck down any available updates without asking, costing you money. Google updates Google Earth or Picasa or Gtalk, but the update ends up having a bug that wipes data from your drive. Sorry, too late — the auto-updater already grabbed the latest version without asking. Kiss your data goodbye. Administering a large network that needs to be locked down and tightly controlled? Cross Google software off your list. All the above problems apply, but they're cascaded across your network for added headaches.

A Google spokesperson defended the Updater with a canned response, stating that "updates provide bug fixes, fix security vulnerabilities, ensure that applications are still compatible with other software updates."

But as Shipley says, "it's incredibly intrusive to have some idiotic daemon whose whole purpose is just to look for updates."

Comparing it to the real world, Shipley says an always-running background app is "like having a person at your company whose full-time job is to see if there's, like, a new version of QuickBooks out yet."

There's an easy fix for this controversy: Just follow the standard best practices of desktop software. Have your updater check in with the server at each launch. It works for Microsoft, it works for Apple, it works for Adobe, it works for nearly every software maker on the market.

The audience of offended users may be small in the case of Google Earth, but it's safe to assume that a Mac version of Google's Chrome Browser will likely use the same update policy and that could hurt the browser’s ability to entice users into switching.

We hate to break it to you Google, but you aren't special, and your software updates are no more critical than anyone else's. At the very least, offer users a way to turn off auto-updates. The web may belong to Google, but your desktop and the applications running on it should remain in your control.

See Also: