Standard User deleted
(deleted) Mon 29-Jul-13 12:32:28
Re: Java security

[re: Zadeks]
 
What about Microsoft's .Net Framework?
Standard User Zadeks
(experienced) Mon 29-Jul-13 12:58:00
Re: Java security

[re: deleted]
 
It depends. Some programs require .NET in order to operate. Microsoft Windows Update will keep .NET up-to-date for you. It's much less of a security risk than Java.
Standard User yarwell
(sensei) Mon 29-Jul-13 14:29:29
Re: Java security

[re: Zadeks]
 
You can potentially have the same update settings on Java's auto-update as on Windows Update, i.e. download but ask before install.

There's a Java tool to remove old versions now.

--

Phil

MaxDSL - goes as fast as it can and doesn't read the line checker first.

MaxDSL diagnostics

Standard User Zadeks
(experienced) Mon 29-Jul-13 14:46:15
Re: Java security

[re: yarwell]
 
Java isn't capable of automatically updating.
Standard User yarwell
(sensei) Mon 29-Jul-13 15:25:41
Re: Java security

[re: Zadeks]
 
Indeed, but it will automatically download updates and tell you they're ready - as does Windows Update if so configured.

--

Phil

MaxDSL - goes as fast as it can and doesn't read the line checker first.

MaxDSL diagnostics
Standard User Chrysalis
(legend) Sun 11-Aug-13 09:41:48
Re: Java security

[re: Zadeks]
 
According to that article, the prime reason is nothing to do with automatic update but more to do with the fact that the Sun vendor won't patch old versions and new versions are incompatible with apps; since compatibility is king over security, they don't upgrade.

Also, Java has by default run automatic update checks for years.

I don't believe in silent automatic updates without user's consent. Treating end users like pre-school children.

More sane advice would be to ensure the relevant Java options are enabled, which are to check for updates, to prompt to run on every instance it's run, and to warn if outdated when running. Also, in the browser, have it configured to require authorisation to run on unknown sites (whitelist). This is now the default behaviour in Firefox and Chrome; IE9+ can be configured to run in that way also by removing the * from the run whitelist.

A big problem with updating Java is it usually at least requires the browser to be closed before updating and sometimes needs a reboot, whilst that is so messed up they can't do background updates. I often have to defer Java updates because I can't always close all my browser windows or reboot on a whim.

BT Infinity 2 Since Dec 2012 - BQM
Standard User Zadeks
(experienced) Sun 11-Aug-13 10:23:33
Re: Java security

[re: Chrysalis]
 
More of an Enterprise excuse than anything else.

Automatic update checks are not enough. They weren't enough for Adobe and they aren't enough for Java. If people paid attention to pop-up dialogues, more versions of Java would be up-to-date.

Love 'em or hate 'em, silent upgrades are the future and they're coming to the majority of operating systems and devices near you.

Again, people really don't pay attention to update dialogues. White listing 'safe' web plug-ins is better than requiring a user to white list 'safe' sites.

Requiring an immediate browser restart is another reason why the manual update process sucks. If the update were silent, it might be possible to apply the update just before shutdown or when the user has closed the browser and is about to restart it.
Standard User bobble_bob
(experienced) Sun 11-Aug-13 20:52:48
Re: Java security

[re: Zadeks]
 
The NoScript add-on does the update process the best (along with Firefox). It downloads and installs the update while you browse, then applies it the next time you restart the browser. You don't even know it's done it, and it requires no interaction with the user and doesn't interfere with your browsing session.
Standard User Chrysalis
(legend) Mon 12-Aug-13 16:48:10
Re: Java security

[re: Zadeks]
 
Silent updates are OK when it's strictly security updates only, e.g. A/V definitions, and they are seamless, e.g. no reboots.

The problem is when devs mix it in with feature updates, which then introduces bugs and ruins the end-user experience, breaks compatibility, etc.

There seems to be a desire by devs to forcefully roll out feature updates, which in turn creates a desire from end users to resist these updates, so blame devs, not end users.

If you are trying to say companies should just put up with broken applications and downtime to satisfy your desire, then it won't happen. They would just stick to the previous version before silent updates were introduced.

Believe me on this, I do work for various companies; some are highly resistant to updates as their absolute priority is uptime and compatibility. When I do updates and patching I have to do it with extreme care to make it as seamless as possible.

If I were to set servers I manage to silently automatically update to every update that comes their way, I would be out of a job as there would be chaos with things breaking left, right and centre.

BT Infinity 2 Since Dec 2012 - BQM

Edited by Chrysalis (Mon 12-Aug-13 16:51:30)

Standard User Zadeks
(experienced) Mon 12-Aug-13 17:45:59
Re: Java security

[re: Chrysalis]
 
Enterprise is a different kettle of fish. There are complex and expensive ways of mitigating Java exploits without rolling out the latest update.

Yes, I would fire you if you set a server to auto-update.