FileZilla Forums

Updating doesn't even take 10 seconds. Surely you can spend 10 seconds once per month. Have a sip of coffee/tee/beer/cowjuice while it updates.

botg wrote: ↑

2021-12-01 09:09

cowjuice

It's "udder liqueur", you cretin.

I just created an account to give my +1 for @Ventures opinion. That popup is annoying.

Uh... and there is one other thing to metion:
Dear bocos and botgs out there, if people start programming autohotkey scrips to make filezilla useable for them, it may be worth considering to make that "popup feature" optional.

Lets copy that AHK code to my running background script.
Cheers

You need to update FileZilla. Running outdated software is a security risk.

I can not see any risk, using a older filezilla version.
Where should be the entry gate for the exploit?

Can you please tell me a use case, how a pontentially weakness could be utilized to run harmful code?

Do you trust that 100% of the data you receive over the network is benevolent?

Processing any untrusted data poses a risk. Attackers have ample time analyzing outdated software for potential vulnerabilities.

Do you trust that 100% of the data you receive over the network is benevolent?
Processing any untrusted data poses a risk.

That is true. But how does an updated version of FileZilla increase data trustworthiness in any way?
FileZilla does not have the ability to detect, if a transfered file is malicious or not. So every file transfered by an old FileZilla version is as trustworthy as one transfered by an updated FileZilla version.
I may be thumb, but I see absolutely no reason to update here.

- - -

Attackers have ample time analyzing outdated software for potential vulnerabilities.

Yes, they have. But it is informative, that even a very experienced developer can not give us any use case of how they attacked an outdated FileZilla installation in the past.
To be honest: I am realy still waiting to see any rational reason to update (and and therefore a reason to nudge users by that popup).

No answer?

⠀⠀⠀⠀⠀⠀⠀Hm....
https://abload.de/img/meme-faces-png-free-fxakjg.png

Some weird people could think, there are other reasons than providing security for your absolute will to bring updated code on users computers.

What is there to answer? Just update. Updates bring fixes to bugs. Many classes of bugs are potential security vulnerabilities. Not updating leaves you vulnerable. Simple as that.

Update good, old version bad.

⠀

1. Why did you disable the image in my last post?
   A small image of a thinking person is to offensive for you?
   Is it your daily business to alter other peoples postings to make them the way you like them?
   By the way, that does not increase your authenticity...

   ⠀⠀⠀⠀⠀⠀⠀Hm....
   https://abload.de/img/meme-faces-png-free-fxakjg.png

   ⠀
2. Maybe you do not remember all the postings in this thread. So let me summarize them for you: No one had a problem with any bug. So your answer

   Updates bring fixes to bugs.

   is simply off-topic and - sorry - useless blabla. The only bug imho, is that annoying dialog.
   ⠀
   ⠀
3. I know: repeating the same argument again and again in slightly other words is a legit way to muzzle an opponent. What do I mean? Do you see any similaritys between this both postings of yours?

   Many classes of bugs are potential security vulnerabilities.

   Attackers have ample time analyzing outdated software for potential vulnerabilities.

   I could also simply repeat my answer to that, but I hope you do not expect me to have a conversation on the same level as you, don't you? So let me change the way we talk: Dear Tim, please! Please give us one example of how an outdated FileZilla installation was attacked in the past. Seriously. Only one. And I really please you to do so.

⠀
⠀
PS. I like to make things correctly, so I save the complete thread every time after a new posting of mine as a mhtml-file and additionally as a PDF. So I can see if changes are made to any posting. And yes, I know how to use Beyod Compare.

1) Protecting user privacy. No external auto-loaded content.
2) Most users don't realize they have problems with bugs, until they experience a bug. Updating ensures they never experience the known bugs in the first place. Car analogy: If the braking fluid in your car is worn down, you won't notice it until you have to make an emergency brake and then cannot stop in time (crash). So you exchange (update) the fluid regularly just in case.
3) Funny, I was thinking the same, I have to refute the same claims over and over again.

1. OK.
2. Nice comparison, but off topic. If users who opted out "automatic update checks" stumble on bugs, they can simply update.
3. You did not "refute" anything.

By the way:

Please don't link to external sites. That's advertising and not allowed here.

Is a bit of schizophrenic, because you yourself link to external sites from time to time. For example here, here and here. But it is your forum and rules only seeem to apply to others, not yourself.

I will leave the conversation at this point, because there is no will to listen to the people using FileZilla. And there is no real conversation anymore as you also mentioned before.
At the end, I want to say one thing: Thank you and your team for creating and maintaining FileZilla. You spend a lot of time in this project and I appreciate that. Stay healthy.

All links from us are on-topic. They apply to the questions asked. botg linked to Apple support and letsencrypt.org, a certification provider service that is even used by FileZilla Server directly. I linked to Wikipedia for an explanation. What a crime. I won't post clickable links to questionable or commercial sites, they are only plaintext, in this case.

You linked to Beyond Compare, a commercial product's site. They sell the product and they advertise it. You are therefore not allowed, by the forum TOS (you had to agree to them at time of registration), to link to such sites, as that is advertising the product. Stating the product's name is OK, and every user with at least half a brain and access to a search engine will be able easily find it. The rest doesn't need it.

Just update. If you don't want to update, that's fine as well, but don't complain to us if you don't like the consequences, such as the update dialog showing up. Ending this pointless discussion.