Killing the Squirrel

Squirrel is an installer/updater package that is used in some software applications that we might want to package/deploy in an enterprise environment.

An open source project, Squirrel is liked by developers because it typically installs in a user context without administrative permissions (by installing into the user profile) and has an automatic updater built in. Those are two features that tend to drive Enterprise IT administrators crazy.

Oh, I get why developers like these features. Some of their customers love them. But often, a greater number of their customers don't want these behaviors and are willing to go to great lengths to avoid them, even to the point of refusing to support the app in their organizations. Furthermore, some of the ideas that were behind the development of Squirrel are now available in other ways. UWP and MSIX apps install without elevation. And if you use the Microsoft Store, there is built-in update technology that is better and more manageable for those that need it. This may be why the project has been on-off deprecated in recent years.

So in the next version of TMEditX (a release number greater than 3.0.0), I will be introducing a Squirrel detector and fixer. This fix defeats the squirrel by automatically bypassing the updater.

This is being done without firewall blocking of the vendor website, and without altering or removing any of the Squirrel components in the package; it just uses our understanding of how Squirrel works to have the end user bypass the updater technology.

Killing the squirrel is necessary in some commercial environments. It is desired in quite a few others. I'm not saying Squirrel doesn't have fans, or that those fans are wrong, just that it's just nuts for other kinds of customers. Now we have a way to deal with it.

By Tim Mangan

Tim is a Microsoft MVP, and a Citrix CTP Fellow. He is an expert in App-V and MSIX.