Adobe’s Flash Updater: Bloated, Confusing & Shady

Editorial Being one of the most prolific sources of security vulnerabilities in Windows and other platforms, Adobe Flash Player needs no introduction. Despite that reputation, and the fact that the rest of the industry is moving away from Flash, Microsoft surprised many of us with Windows 8 for the first time by bundling software with its operating system.

This follows an earlier announcement that they would not allow Flash in the Metro version of Internet Explorer 10 – a decision that was later reversed by the company. It makes me wonder whether such qualifications played a role in Steven Sinofsky’s departure, but that’s another discussion.

I was delighted when the Adobe Flash Player Updater was released in March. The day has finally arrived when our machines will be quietly updated with the latest Flash version. In the past, when I was visiting a friend or relative, I would always check Adobe or Mozilla’s websites and update the software if necessary.

But as ecstatic as I was about the new updater, many of the PCs I visited still had the older version of Flash, as version 10.2 or later with the built-in Flash updater was never installed on them. So, I kept updating the machines… and then I started noticing that even 10.2 or later systems weren’t updating automatically.

After some time I wondered why this is so. When doing full point releases such as v10.4 to v10.5, the updater does not download the latest version and installs it silently even if it is set to do so. Instead, when you start or restart your computer, it brings up the update dialog as shown below:

Now, anyone who knows end users knows this is bad, because they’d rather just click the window away than heed its warning. But it gets worse. If you actually click the “Download” button, the updater doesn’t silently install the latest version of Flash. Instead, it opens an Adobe Flash download page in your browser with Google Toolbar and bloatware like McAfee Security Scan Plus.

However, the pain does not end here. Flash Updater requires administrator privileges, so if you’re a normal user, you won’t even see the prompt and the update won’t be installed until after 30 days, according to Adobe. But I’ve seen countless installs “stuck” in interim versions only to pop up a download window when I logon as an administrator, so I have my doubts about whether this works in most cases .

On top of this, Adobe Flash is split into two separate packages, one “ActiveX” version for Internet Explorer and the other “Plugin” version for browsers like Firefox and Opera (Chrome has Flash built in). So if you download Flash Update through your browser, you will only be updating one of your installed versions, and since the updater only uses your system’s default browser to show the download page, You will be able to get only one update out of this update. way, while you have to download the other one manually.

Below you can see the result of clicking the “Download” button, which takes you from one completed point release to another. Keep in mind that this installation is done by a download manager. How hard must it have been for him to update both flash plugins!?

Then why are they different? It comes down to how the updater works. This creates a scheduled task that runs once per hour, but it can only do one update at a time.

In the same picture above there is a “Check Now” button. You might think that it checks for updates but it doesn’t. Instead, it brings up the same “About Flash” page I mentioned earlier, but with the same caveat as the about updater: it opens in your default browser.

While we’re on the topic, how is it that my system needs several different updaters from the same company? Acrobat Reader is just as vulnerable as Flash!

Would it really be that hard to release one updater that handles all your software? I guess it boils down to whether or not your company likes to release bloated crap. To make a small comparison, here are the installed sizes of the three file archivers, all with the latest stable versions:

Would you be shocked if I told you that these programs are listed from best to worst when it comes to the compression ratio they achieve? And also when installing the last one, you have to be very careful that your system doesn’t get bloated with toolbars, because just like Flash it uses a download manager? And that the first is free, while the others are not? (Don’t get me wrong I love WinRAR and have a paid license because I like it more than just 7-Zip, but that’s my preference.)

Before Flash was released, the web didn’t require powerful computers to be enjoyable, but it is today.

Leave a Comment