Just wondering if BigFix is ever going to start patching Google Chrome.
It is currently taking 22% of the market share, fast approaching IE’s 27% and BigFix still isnt providing patches through the site subscription. Are you guys ever planning on adding it to the Patches for Windows Applications fixlet site?
I have no insight into whether we have plans to support Chrome, but I was curious if browser shares had changed that much recently. It appears that those statistics are for w3schools users (http://www.w3schools.com/browsers/browsers_stats.asp). Wikipedia summarizes a few different attempts to evaluate browser statistics (http://en.wikipedia.org/wiki/Usage_share_of_web_browsers), and Chrome looks closer to 10% than 20% across those 4 samples. It has always surprised me that the 4 statistics differ so much, considering they each supposedly collects data from thousands of sites.
adobe auto updates but patches are still pushed through the “updates for windows applications” site. It would be beneficial for those environments where development needs to test various browsers and they are not admins/have download rights.
I think the key distinction is that Chrome auto-updates itself by streaming the download and running the new version automatically… This is different than other update technologies which rely more on a separate patch that you independently launch…
I use Chrome and it never has told me to update or asked about updating or triggered my Windows notification that it needed admin access to update… But I am not an expert on Chrome so I am not sure exactly how it patches itself with non-admins…
Actually after a quick look around Google, I can seem to find where they offer the patches independently… Does anyone have a link to individual patches that I can check out? Thanks!
Ben, I dug up a few ways to prevent chrome from updating (http://googlesystem.blogspot.com/2009/05/customize-or-disable-google-update.html) and since google has released a “enterprise friendly” version with group policy .adm files, turning off auto update is easy. As for updating the software, could BigFix take the same approach as it does with iTunes, which is to download and install the entire new version (even though it’s just a point release)?
This has turned out to be quite the tread from me just asking if BigFix had plans to add it to the patching lineup. Ben thank you for passing this along to the Fixlet team and we look forward to hearing what they say about it.
I am currently investigating the support for Google Chrome. Because the way Google Chrome installs and behaves on a machine is different than most other applications, we are being careful about our methodologies in providing support for it. Rest assured, supporting Google Chrome is on our to-do list.
Google makes it challenging to track the application at all, because the binary (which is installed in the user’s \AppData\Local\Google\Chrome\Application directory instead of %programfiles%) doesn’t carry a version… See http://forum.bigfix.com/viewtopic.php?pid=28367#28367 and try these snippets out:
if (exists regapp “chrome.exe”) then (version of regapp “chrome.exe” as
string) else (“chrome not installed”)
and
exists key whose (value “name” of it as string = “Google Chrome” and value "pv"
of it as string as version < ") of keys “HKEY_LOCAL_MACHINE\Software\Google\Update\Clients” of registry
The EXE version is out of our consideration, it downloads more of itself from the web, and using TEM to distribute that could have interesting side effects.
The MSI version is more interesting, and behaves a little better… except that every unique machine that downloads it from Google gets a different SHA1. The files seem to be the same size, but there’s some sort of stamping going on that is going to be an issue since we check the SHA1 of everything we send through the system. That should work out okay for a software distribution task since the download is only done by each organization’s admin once, but it makes it very difficult for us to publish and maintain a patch fixlet.
We’ve done some light testing of the MSI in software distribution and it looks like an effective way to manage Chrome – here’s the working update relevance from my system, which was auto-generated by importing the MSI:
((windows of operating system AND (if( name of operating system starts with “Win” ) then platform id of operating system != 3 else true)) AND (if(name of operating system starts with “Win”) then free space of drive of client > 53797264 else if (name of operating system = “Mac OS X”) then free space of filesystem of folder (pathname of client) > 53797264 else free space of filesystem of client > 53797264)) AND (/* Relevance generated from file “GoogleChromeStandaloneEnterprise.msi” */ (exists file “msiexec.exe” of system folder) AND (disjunction of (NOT exists keys “{54DF35BD-4A36-35DA-B029-A0C083C88614}” whose ( value “DisplayVersion” of it as string as version >= “9.2.21858” as version AND value “Language” of it as string = “1033”) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of ( x32 registry; (if exists x64 registry then x64 registry else nothing) ))))
Again though, on principle I’d recommend that you use the Software Distribution dashboard to do this individually instead of copying and pasting.
that’s correct – as noted above and in the other forum post, the ‘patch’ MSI does not have a predictable size and sha1. Without predictable information, we can’t predict the results of making a Fixlet that installs the MSI globally available. The recommendation is to download the MSI version and distribute it with the software distribution tool.