Last week, Mozilla started placing a warning message on its welcome page, seen by users after they upgrade Firefox to the latest version, informing the user if they have an out of date Flash Player. Now the stats have been crunched, and the result is that 10 million people have clicked the link, doing more than Adobe’s own efforts to keep people up to date.
The assumption that those who click a link to go to Adobe also successfully manage to download and install the Flash Player is a stretch. Mozilla have not measured the number of people who, after having clicked the link succeeded in downloading the Flash player and installed it.
As somebody who fixes PCs for a living, and has on a number of occasions had to talk people over the phone on installing Flash because they literally couldn’t do it, I’m inclined to believe that Mozilla have succeeded in little more than annoying a lot of people and leaving “flash_installer.exe”, “flash_installer (1).exe” and “flash_installer (2).exe” on their desktop as the user does not know that to fully close Firefox (as the installer is prompting them) they have to close the downloads window too for the process to end.
And that’s without the fact that Adobe tries to first thrust the Adobe Download Manager upon you, even as an unwanted Firefox extension and if that’s not enough to put you off, they want to install McAfee security scan too.
Adobe treating their update page as some kind of brand-hammer with which to hit users with and to sell out to advertisers wanting to load yet-one-more craplet on user’s PCs is offensive and wholly disrespsectful. It waters down the importance of security updates and only weakens user’s trust to install security updates if it only adds more crap to their PC each time. That is no way to improve the security of the web. Adobe need one giant kick up the rear side for this behaviour.
Flash is a major security threat on most computers. Adobe only check for updates once every month by default, and the update process is so bad that it leaves people unable to complete updates whilst zero-day Flash exploits are going around.
Mozilla do plan to improve this process by including plugin checking and updating directly in Firefox. This would be a massive boon to web users and the claims of 10 million people getting Flash updates would actually mean something to web-security as a whole. For this, I applaud Mozilla for taking the initiative; it can’t come soon enough.
But then, if the browser can update Flash without going to Adobe’s site, how are Adobe going to monetize all that traffic into real cash-money?
Don’t you love when an open source project do the job of a billionary company for free?
I spect a generous donation to the Mozilla project from you Adobe.
my god … lol @ billionaires ………. do you really think it is in their best interest to be dishonest. Businesspeopel do not get wealthy by being dishonest, they get wealthy by producing a product that people need, trust, and understand, it is in the best interest of the business owner to produce the best product possible…. my god ……. you people are really ignorant thinking that businesses are out to get you. The capitalist makes he world go round. Mutual profit for you and the business at hand.
And where did the OP say anything about dishonesty? And by the way, your definition about how the business world works might hold true for your country (Utopia, perhaps?) but there are many, many companies that make quite some money by screwing consumers and other companies without offering anything valuable; the patent trolls being a prime example.
Perhaps this will finally cause Adobe to realize how terrible their updater really is and fix it. I doubt it, though…
Personally, I think the best (third party) updaters I’ve seen are Google’s silent one (as much as I dislike resident programs, Google did a pretty good job with it) and I also like the Firefox approach, where it downloads updates without asking and subsequently installs them automatically on the next program restart.
Well, if users are that dumb, they deserve to receive and execute all kinds of evil viruses. And I’ll rejoice!
(Well, I did post a warning)
The last thing a user needs to be productive is to have to worry about security updates of every software he owns, that’s why auto-updaters come handy.
I think the OP was talking about the fact that clicking on a link on your home page instructing you to download an executable is somewhat dumb.
I mean, what if a site managed to set firefox’s home page in disguise? But, to be honest, I think it would be unlikely, though I never actually thought about it until now.
So, the question I believe we should be asking is: How hard would it be to, from a web site (anything more and the attacker wouldn’t really need to have you clicking the link, right?), to change a user’s home page on Firefox?
10 million infected people from downloading what appears to be a mozilla recommendation is a dreadful scenario.
A centralised update infrastructure is much nicer than a bunch of independent, always running, auto-updaters.
But it’s not such a problem if yor trust is automated, and your system is bogged down by uncountable toolbars anyway.
C:\WINDOWS>portmaster -a
‘portmaster’ is not recognized as an internal or external command, operable program or batch file.
C:\WINDOWS>ups…
It’s in noone’s interest that every user you consider dumb has any kind of virus!
I somewhat sympathize with the “dumb user” comment, but in reality what “they” do affects all of us, directly or indirectly. Aside from that, it’s not all the users’ fault. I had to disinfect my boss’s PC because he contracted a Flash-exploit virus from visiting CNN.com ( a 3rd-party ad provider had not appropriately vetted its content). He was desperate for my help as it was 2 days before he had to file his taxes.
Flash is just evil. Along with the ‘sploits is the CPU-sucking performance because Adobe hasn’t bothered to make it use the video decoding capabilities of modern GPUs. Yet I’m forced to use it because some vendor support sites insist on it. Freaking ridiculous. I hope HTML5 can displace the abomination that is Flash, but I’m not holding my breath.
@re_re: some business people do get wealthy by being dishonest. A few even get away with it. But that’s no reason to throw the capitalist baby out with the bathwater.
I’ve been waiting for this sort of fix for a LONG time. I have countless flash installers on my “Downloads” folder and it’s starting to irritate me aswell, though when I had linux (Ubuntu 9.04) installed, my Firefox managed to fetch the flashplugins without actually visiting Abobe’s homepage. I just had to agree to the licenceagreement and the browser got the plugin automatically. I’m not sure about updating the plugin though.
I am constantly trying out new operatingsystems and I have to install these flashplugins many times in a month, so it would be great to have this feature, regardless of the OS.
Edited 2009-09-22 07:26 UTC
I remember the days when, if flash was not detected, the mozilla plugins dialog box would prompt you to install it and then download and install it for you. Nowadays it just takes you to the “manual install” page on adobe’s website. What happened?