10 Million ‘Update to Secure Flash Version’

Last week, Mozilla started placing a warning message on its welcome page, seen by users after they upgrade Firefox to the latest version, informing the user if they have an out of date Flash Player. Now the stats have been crunched, and the result is that 10 million people have clicked the link, doing more than Adobe’s own efforts to keep people up to date.

The assumption that those who click a link to go to Adobe also successfully manage to download and install the Flash Player is a stretch. Mozilla have not measured the number of people who, after having clicked the link succeeded in downloading the Flash player and installed it.

As somebody who fixes PCs for a living, and has on a number of occasions had to talk people over the phone on installing Flash because they literally couldn’t do it, I’m inclined to believe that Mozilla have succeeded in little more than annoying a lot of people and leaving “flash_installer.exe”, “flash_installer (1).exe” and “flash_installer (2).exe” on their desktop as the user does not know that to fully close Firefox (as the installer is prompting them) they have to close the downloads window too for the process to end.

And that’s without the fact that Adobe tries to first thrust the Adobe Download Manager upon you, even as an unwanted Firefox extension and if that’s not enough to put you off, they want to install McAfee security scan too.

Adobe treating their update page as some kind of brand-hammer with which to hit users with and to sell out to advertisers wanting to load yet-one-more craplet on user’s PCs is offensive and wholly disrespsectful. It waters down the importance of security updates and only weakens user’s trust to install security updates if it only adds more crap to their PC each time. That is no way to improve the security of the web. Adobe need one giant kick up the rear side for this behaviour.

Flash is a major security threat on most computers. Adobe only check for updates once every month by default, and the update process is so bad that it leaves people unable to complete updates whilst zero-day Flash exploits are going around.

Mozilla do plan to improve this process by including plugin checking and updating directly in Firefox. This would be a massive boon to web users and the claims of 10 million people getting Flash updates would actually mean something to web-security as a whole. For this, I applaud Mozilla for taking the initiative; it can’t come soon enough.

But then, if the browser can update Flash without going to Adobe’s site, how are Adobe going to monetize all that traffic into real cash-money?

13 Comments

  1. 2009-09-21 11:39 pm
    • 2009-09-22 2:42 am
      • 2009-09-22 4:58 am
  2. 2009-09-22 12:07 am
  3. 2009-09-22 12:10 am
    • 2009-09-22 12:28 am
      • 2009-09-22 12:42 am
      • 2009-09-22 6:48 pm
        • 2009-09-23 10:37 am
    • 2009-09-22 8:17 am
  4. 2009-09-22 4:15 am
  5. 2009-09-22 7:25 am
  6. 2009-09-22 10:04 am