Why doesnt Bigfix patch Google Chrome?

(imported topic written by macook91)

Just wondering if BigFix is ever going to start patching Google Chrome.

It is currently taking 22% of the market share, fast approaching IE’s 27% and BigFix still isnt providing patches through the site subscription. Are you guys ever planning on adding it to the Patches for Windows Applications fixlet site?

(imported comment written by SystemAdmin)

I have no insight into whether we have plans to support Chrome, but I was curious if browser shares had changed that much recently. It appears that those statistics are for w3schools users (http://www.w3schools.com/browsers/browsers_stats.asp). Wikipedia summarizes a few different attempts to evaluate browser statistics (http://en.wikipedia.org/wiki/Usage_share_of_web_browsers), and Chrome looks closer to 10% than 20% across those 4 samples. It has always surprised me that the 4 statistics differ so much, considering they each supposedly collects data from thousands of sites.

(imported comment written by BenKus)

I think Google auto-updates Chrome…

Ben

(imported comment written by SystemAdmin)

Yes Chrome typically auto updates. You can also force an update by going through the Help -> About Chrome menu.

(imported comment written by vittrup)

As for statistics: http://gs.statcounter.com/#browser-eu-monthly-200912-201012

It’s not 20 pct in europe - yet - but it does look like it’s gained some momentum.

(imported comment written by mcalvi91)

adobe auto updates but patches are still pushed through the “updates for windows applications” site. It would be beneficial for those environments where development needs to test various browsers and they are not admins/have download rights.

(imported comment written by SystemAdmin)

Umm, windows can auto update too. Does that mean that the patches for windows site is in jeopardy :slight_smile:

We agree with macook, some of the larger installe base windows apps should get more love from IBM.

(imported comment written by BenKus)

I think the key distinction is that Chrome auto-updates itself by streaming the download and running the new version automatically… This is different than other update technologies which rely more on a separate patch that you independently launch…

I use Chrome and it never has told me to update or asked about updating or triggered my Windows notification that it needed admin access to update… But I am not an expert on Chrome so I am not sure exactly how it patches itself with non-admins…

Actually after a quick look around Google, I can seem to find where they offer the patches independently… Does anyone have a link to individual patches that I can check out? Thanks!

Ben

(imported comment written by SystemAdmin)

Ben, I dug up a few ways to prevent chrome from updating (http://googlesystem.blogspot.com/2009/05/customize-or-disable-google-update.html) and since google has released a “enterprise friendly” version with group policy .adm files, turning off auto update is easy. As for updating the software, could BigFix take the same approach as it does with iTunes, which is to download and install the entire new version (even though it’s just a point release)?

John

(imported comment written by BenKus)

I suppose we could… I will send it off to the application updating Fixlet team for review…

Ben

(imported comment written by macook91)

This has turned out to be quite the tread from me just asking if BigFix had plans to add it to the patching lineup. Ben thank you for passing this along to the Fixlet team and we look forward to hearing what they say about it.

-Mike

(imported comment written by SystemAdmin)

I am currently investigating the support for Google Chrome. Because the way Google Chrome installs and behaves on a machine is different than most other applications, we are being careful about our methodologies in providing support for it. Rest assured, supporting Google Chrome is on our to-do list.

-Evan

(imported comment written by SystemAdmin)

Evan - Please consider looking at the corporate version which is MSI based and can be controlled by Group Policy.

What we would like to see is BigFix detecting the regular version and being able to replace it with the corporate version.

(imported comment written by JackCoates91)

Hi,

I’d like to give you guys a progress update.

Google makes it challenging to track the application at all, because the binary (which is installed in the user’s \AppData\Local\Google\Chrome\Application directory instead of %programfiles%) doesn’t carry a version… See http://forum.bigfix.com/viewtopic.php?pid=28367#28367 and try these snippets out:

if (exists regapp “chrome.exe”) then (version of regapp “chrome.exe” as
string) else (“chrome not installed”)

and

exists key whose (value “name” of it as string = “Google Chrome” and value "pv"
of it as string as version < ") of keys “HKEY_LOCAL_MACHINE\Software\Google\Update\Clients” of registry

The EXE version is out of our consideration, it downloads more of itself from the web, and using TEM to distribute that could have interesting side effects.

The MSI version is more interesting, and behaves a little better… except that every unique machine that downloads it from Google gets a different SHA1. The files seem to be the same size, but there’s some sort of stamping going on that is going to be an issue since we check the SHA1 of everything we send through the system. That should work out okay for a software distribution task since the download is only done by each organization’s admin once, but it makes it very difficult for us to publish and maintain a patch fixlet.

We’ve done some light testing of the MSI in software distribution and it looks like an effective way to manage Chrome – here’s the working update relevance from my system, which was auto-generated by importing the MSI:

((windows of operating system AND (if( name of operating system starts with “Win” ) then platform id of operating system != 3 else true)) AND (if(name of operating system starts with “Win”) then free space of drive of client > 53797264 else if (name of operating system = “Mac OS X”) then free space of filesystem of folder (pathname of client) > 53797264 else free space of filesystem of client > 53797264)) AND (/* Relevance generated from file “GoogleChromeStandaloneEnterprise.msi” */ (exists file “msiexec.exe” of system folder) AND (disjunction of (NOT exists keys “{54DF35BD-4A36-35DA-B029-A0C083C88614}” whose ( value “DisplayVersion” of it as string as version >= “9.2.21858” as version AND value “Language” of it as string = “1033”) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of ( x32 registry; (if exists x64 registry then x64 registry else nothing) ))))

Again though, on principle I’d recommend that you use the Software Distribution dashboard to do this individually instead of copying and pasting.

thanks,

Jack

(imported comment written by JackCoates91)

Hi,

the fixlets are being published today in Updates for Windows Applications. See this forum post for more details: http://forum.bigfix.com/viewtopic.php?id=6827

thanks,

Jack

(imported comment written by mcalvi91)

awesome!

(imported comment written by macook91)

Is it just my console or do the new fixlets not actually do any patching?

(imported comment written by JackCoates91)

that’s correct – as noted above and in the other forum post, the ‘patch’ MSI does not have a predictable size and sha1. Without predictable information, we can’t predict the results of making a Fixlet that installs the MSI globally available. The recommendation is to download the MSI version and distribute it with the software distribution tool.

(imported comment written by macook91)

Can do! Thanks Jack!