By this fall, Apple and Microsoft will have followed in the footsteps of Google to automatically update apps on their mobile and desktop platforms, another step in the trend to take security out of users' hands.
"This is one of the best things we've seen in security in the last decade," argued Andrew Storms, senior director of development and operations at San Francisco-based CloudPassage. "Historically, we've always relied on the end user to update, and praying that they do so. Auto-updating means that the moment [a new version] is released, the majority has the most secure code available installed."
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
Google's Android and Chrome OS -- the latter based on the Chrome browser -- automatically update installed apps, silently and in the background, without bothering the user.
Both Apple and Microsoft will mimic Google later this year, when the former ships OS X Mavericks for the Mac and iOS 7 for the iPhone and iPad. Microsoft, too, has committed to app auto-updates, a feature that will debut in Windows 8.1 this fall.
On Windows and OS X, the new approach to app updating applies to just parts of their software ecosystems.
Only Windows Store apps -- those the company calls "Modern" but which many still dub "Metro" -- will auto-update. Older, traditional Windows apps, those that run on the old-school desktop, will not.
OS X Mavericks is in the same boat: Only apps downloaded and installed through the Mac App Store will update hands-off. Software acquired through other channels -- downloads direct from the developer, for example -- will remain the user's responsibility.
Although legacy applications on Windows and OS X are out of the auto-update loop for now, many applications offer their own auto-updates. And third-party patch managers for enterprises and consumers -- an example of the latter for Windows is Secunia's Personal Software Inspector -- are available to fill the gaps.
"The question becomes, how much more can be automated?" said Morten Stengaard, the CTO of Secunia. "Frankly, the more automation the better, because we cannot keep up with all the patches available."
This fall's roll-out of app auto-updating on Windows, OS X and iOS 7 is only the latest in a continuum of similar moves over the years to remove the weak link -- the user -- from the equation, Storms noted.
"What we're seeing is the operating system [makers] putting a stake in the ground, that moving forward, this is the best way to go," said Storms.
Operating systems like Android, Chrome OS, iOS, OS X, and Windows have long offered either partial (as in the case of iOS and OS X) or complete (Android, Chrome OS, Windows) auto-updates to provide patches; the Chrome and Firefox browsers have gone to fully-silent updates; Microsoft has enforced auto-upgrades to its Internet Explorer (IE) browser; and the most popular plug-ins and add-ons, such as Adobe's Flash and Oracle's Java, have shifted to a more hands-free model.