Comment 239 for bug 332945

Additionally, I think the current procedure opens a huge security leak. If people get used to pop-up windows asking for updates, it will be no problem imitating these pop-up windows with java-script and make them look exactly the same. And since you are used to entering your password when you update the system, the user will not even get suspicious if they have to enter it. Or is this issue somehow being taken care of?

On the other hand, with the current system, nobody from outside the computer can just put an icon into the notification area. This is only possible, if the malware is on the computer, but then it's too late anyway.