How Silverlight Update Works

Silverlight is designed to make the update experience as seamless as possible, but its designers also considered security awareness as well as enabling user or enterprise managed overrides.

 

Silverlight knows to kinds of updates .

 

1.       Security related updates. Silverlight checks for security related updates once every 24 hours. Security related updates patch vulnerabilities, but do not provide new features. The 24 hour check interval minimize your exposure  to known vulnerabilities.

 

2.       Feature updates. Silverlight checks for feature updates once every 30 days. Feature updates are releases delivering new capabilities, you know the things that help you build even better Silverlight experiences. For example, Silverlight RC is going to check for the 1.0 release once every 30 days.

 

The Silverlight control has to be running for those checks to occur -- which means the control has to be playing content (which shouldn't be a big deal since there's going to be a LOT of content). When Silverlight will automatically downloads the new version in the background when an update is available and then runs the installation in silent mode to make the new version available the next time your browser starts. Unfortunately, the restart is necessary to unlock the loaded DLL -- remember the control had to be loaded to check for the upgrade. Silverlight will not prompt you to restart the browser if it downloaded a feature updates though. The new version will just magically be there.

 

Getting security updates installed quickly is more important , because they help you to reduce exposure to vulnerabilities, Silverlight will prompt your to close and re-open your browser to make sure you're safe and your time of exposure is as short as possible.

 

In most cases the automatic installation of updates means that users should have the latest Silverlight control installed when they browse to a page with content that requires a recently released Silverlight version. There may be a few cutting edge users that browse to content that requires the latest features before it's time for Silverlight to check for a feature update. In that case, you'll see a nice logo (hopefully) to tell you that Silverlight is downloading a new version for you right now and you'll have to wait until download and in-place upgrade are complete. Then you restart your browser and navigate back to your cutting edge content site.

 

Now, there are a few exception scenarios where Silverlight's update behavior is different:

·         You're running on a Mac … your Mac may be cooler than my Thinkpad, but it will detect that an update is available and, based on your update configuraion, redirect you to a Microsoft site to update your version. Your browser will navigate to the Silverlight download page and ask you to verify and install the new Silverlight version.

·         You don't like updates and chose to opt out of update checks in the Silverlight configuration. Your choice. We respect your choice and Silverlight will not automatically download and update to new versions. We do believe it's important that you know about security updates and therefore go ahead and check (once every 24 hours) for available update. Instead of downloading and installing updates in the background, we prompt to ask you if you want to install the upgrade. ·         You work in an enterprise that prefers to retain full control over the software that's running on your computer. They can fully prevent Silverlight from any checking and prompting, get the updates from WSUS an install as they deem necessary.

 

You see that there's a wide variety of options from automatically, mostly hidden to fully manual.

 

12 Comments

  • The question that you don't answer is - do they all update on the same day such as the 15th of the month? Or is it a rolling 30 from the time that they install so there would be a rolling wave that's 30 days long of everyone updating?

  • davidacoder,

    I'm trying to imagine what Windows Update on MacOS would look like...

    Seriously, part of the Silverlight story is multi-OS, multi-browser. Windows Update is not the answer here.

    As for potential security holes on start up, I *vastly* prefer this approach to the incredibly intrusive updaters used by the other plug ins you mentioned (and Windows Update, for that matter). This way, at least, the update check can (subject to user settings) be done way more often than the typical once-a-day checks of the background resource pigs.

    That, my friend, is the big picture.

  • Josh,

    It's a rolling wave update. The count starts from the day of installation.

    HTH,
    Christoph

  • Davidacoder,

    For V1 it was most important to have a solution that works on all supported platforms, not just the ones that can reach Microsoft Update.

    I can't predict the future, but if there's enough demand for updates via Microsoft update then we could see it in future versions.

    HTH,
    Christoph

  • So speaking of updates. Now that I have just installed this release candidates, existing silverlight examples no longer run, they request that I install an old version which the installer says I can't because I have a new version. Why am I forced into only having one version at a time?

  • @Stuart M: The setup code is seperate for each platform in any case. The Windows version uses MSI, I don't know about the Mac installer, but I assume it is something different. "Cross-Platform" means that it can run on both platforms, it does (and cannot) mean that implementation will be exactly be the same on both platforms, that would just be silly.

  • I'm trying to deploy Silverlight in my client network. The problem is most of the users are of Restricted type ( ie. No modify/write permissions in Silverlight's install folder). In such a scenario How'll the update behave?

  • How will the Silverlight 2.0 update work? Presumably 2.0 is considered a "feature upgrade" to SL1. Presumably: w/in 30 days users viewing SL1 content would get SL2 automatically. But what about SL1 users that haven't updated to SL2 yet that browse to SL2 content? Will they just see a temporary "updating to SL2" progress and then a message to refresh their browser? No prompts? Will we developers need to do something special in our html/aspx to support this or will it be automatic? Great article by the way!

  • ik heb per ongeluk de software verwijderd.
    Het is mij fout

  • the last bullet says if youuse WSUS you can prevent it from promting to update. This is not the case for us, we use WSUS and a user was prompted.

  • Please.

    So now we all have to check in with MS everyday? What other info is it delivering. Call me crazy. Somebody please let me know what other software I need to disable to keep the constant monitoring off my system.

  • You have got an excellent writing style. I love it.

Comments have been disabled for this content.