Editorial

Being one of the most prolific sources of security vulnerabilities in Windows and other platforms, Adobe Flash Player needs no introduction. In spite of that reputation, and the fact that the rest of the industry is moving away from Flash, Microsoft surprised many of us by bundling the software with its operating system for the first time with Windows 8. This is after previously announcing that they wouldn't allow Flash in the Metro version of Internet Explorer 10 -- a decision the company later reversed. I have to wonder if qualms such as these played a role in Steven Sinofsky's departure, but that's another discussion.

I was glad when the Adobe Flash Player Updater was released in March. Finally the day had come when our machines would be silently updated with the latest Flash version. In the past, when visiting a friend or relative, I'd always check Adobe or Mozilla's websites and update the software if necessary.

But as glad as I was about the new updater, many PCs I visited still had the old version of Flash, since version 10.2 or later with the built-in Flash Updater had never been installed on them. So, I kept updating machines... and then I started noticing that even systems with 10.2 or later weren't being automatically updated either.

After some time, it dawned on me why this was. For a full point release update such as v10.4 to v10.5, the updater doesn't download the latest version and install it silently, even if set to do so. Instead, it brings up the update dialog as shown below when you start or restart your computer:

Now, anyone who knows end users knows this is bad, because they will just click the window away instead of heeding its warning. But it gets worse. If you actually click on the "download" button, the updater doesn't quietly install the latest version of Flash. Instead, it opens an Adobe Flash download page in your browser with bloatware like the Google Toolbar and McAfee Security Scan Plus preselected.

The pain doesn't end there though. The Flash Updater requires Administrator privileges, so if you're a normal user, you won't even see the prompt and the update won't be installed until 30 days later, according to Adobe. But I have seen countless installs "stuck" at interim versions only to pop up the download window when I log on as an Administrator, so I have my doubts about whether this works in the majority of cases at all.

On top of this, Adobe Flash is split into two separate packages, one "ActiveX" version for Internet Explorer and another "Plugin" version for browsers like Firefox and Opera (Chrome has Flash built in). So if you download the Flash update through your browser, you will only be updating one of your installed versions, and since the updater simply uses your system's default browser for showing the download page, you will only be able to get one of the updates this way, while you have to download the other manually.

Below you can see the result of clicking the "download" button, which takes you from one full point release to another. Keep in mind this install is done by a download manager. How hard would it have been for it to update both Flash plugins!?

Why are they different then? That comes down to how the updater works. It creates a scheduled task that runs once per hour, but it can only do one update at a time.

In the same picture above there is a "check now" button. You might think this checks for updates but it doesn't. Instead, it brings up the same "About Flash" page I mentioned earlier, but with the same caveat as explained about the updater: it opens in your default browser.

While we're on the topic, how is it that my system needs to have several different updaters from the same company? Acrobat Reader is just as insecure as Flash!

Would it really be so hard to release one updater that handles all your software? I guess it boils down to whether or not your company likes to release bloated crap. To make a small comparison, here is the installed size of three file archivers, all of them the latest stable versions:

  • 7-Zip x64 v9.20: 4.37MB
  • WinRAR x64 v4.20: 4.45MB
  • WinZIP x86 v17: 110MB

Would you be shocked if I told you these programs are listed from best to worst when it comes to the compression ratio they achieve? And also that when installing the last one, you have to be very careful not to get your system bloated with toolbars, since just like Flash it uses a download manager? And that the first one is free, while the others are not? (Don't get me wrong, I love WinRAR and have a paid license as I simply like it more than 7-Zip, but that's my preference.)

Before Flash was released, the web didn't need powerful computers to be enjoyable, but today it does. This is in large part due to the laziness of Flash-focused developers. Former Apple CEO Steve Jobs noted: "The difference is striking: on an iPhone, for example, H.264 videos play for up to 10 hours, while videos decoded in software play for less than 5 hours before the battery is fully drained."

There are plenty of alternatives for Adobe's other software. To handle PDF files, I can install a third-party program like PDF-XChange Viewer (installed size is 17MB for the latest x64 version vs 135MB for Adobe Reader x86 v9.5.2 -- I may sound like a broken record, but guess which one offers better performance and more functionality?).

However, it isn't that simple with Flash. I have several friends that play Zynga's Flash-based games that have asked me why performance is so poor. I have tried to help them because they are of the more interesting gender, but I have always failed to achieve a substantial improvement.

And you know what, if Zynga released a native client for its crappy Flash games, they would run great on a Pentium 486, just like the 17-year-old SimCity 2000 does, which arguably has better graphics and more advanced mechanics, but I digress.

I have a wish for Christmas, Adobe: can you please fix your software updater so it works properly in 2013? Failing that, can the online community please move on to HTML5 and just let Flash die already?