How many Flash Player updates is too many?

How many Flash Player updates is too many?

Summary: The single most common complaint I hear about Flash Player is that there are too many updates. But are there really? I couldn't find a comprehensive list, so I made my own. Guess how many updates Adobe has delivered this year alone?

SHARE:

You want to set off a firestorm of comments from angry and frustrated PC users? Just write about Adobe's Flash Player.

Last week I wrote about a pair of new security studies that emphasize the importance of updating widely used third-party products like Adobe's Flash Player and Reader to avoid becoming a victim of drive-by malware installations. I was prepared for, shall we say, full and frank feedback. (That's the euphemism politicians use when they really mean a knock-down, drag-out screaming match.) And I wasn't disappointed.

The single most common complaint I heard was about the frequency of updates for the Flash Player, and what a pain in the rear the update process is, especially for Windows users. But one thing I have never seen is an actual count of just how often the Flash Player gets updated. That list is not in Wikipedia, it's not on Adobe's product pages for Flash runtimes, and I couldn't find anyone else who had done the work.

So I decided to do it myself, pulling together what I believe is a complete list, using a variety of sources.* (If you have corrections or additions, feel free to leave them in the Talkback section or send me a note.)

Flash Player 10  was released in October 2008. I can't find any details about updates to the 10.0 release, so my census starts with version 10.1, which was released exactly 16 months ago. All of the following updates are for Windows; you'll find minor variations in version numbers and release dates if you look at other platforms, although the general timeline is the same.

  • Flash Player 10.1.53.64 – June 10, 2010 (10.1 initial release)
  • Flash Player 10.1.82.76 – August 10, 2010
  • Flash Player 10.1.85.3 – September 20, 2010
  • Flash Player 10.1.102.64 – November 4, 2010
  • Flash Player 10.2.152.26 – February 8, 2011 (10.2 initial release)
  • Flash Player 10.2.152.32 – March 8, 2011
  • Flash Player 10.2.153.1 – March 21, 2011
  • Flash Player 10.2.159.1 – April 17, 2011
  • Flash Player 10.3.181.14 – May 12, 2011 (10.3 initial release)
  • Flash Player 10.3.181.16 (Windows only) – May 31, 2011
  • Flash Player 10.3.181.22/23 – June 5, 2011
  • Flash Player 10.3.181.26 – June 14, 2011
  • Flash Player 10.3.181.34 – June 28, 2011
  • Flash Player 10.3.183.5 – August 9, 2011
  • Flash Player 10.3.183.7 – August 26, 2011
  • Flash Player 10.3.183.10 – September 21, 2011
  • Flash Player 11.0.1.152  – October 3, 2011 (11.0 initial release)

Wow, that is indeed a lot of updates. By my count, the Flash Player for Windows has been updated 17 times in the 16 months since Flash Player 10.1 was officially released. The pace has picked up this year, with 13 individual updates in the past eight months alone.

Most of the updates address security issues. (One noteworthy exception is the May 31 update to version 10.3.181.14, which fixed a horrible bug with Internet Explorer 9 and hardware-accelerated graphics.) Several of them were released to address zero-day vulnerabilities that were being used in targeted attacks by malware authors.

June 2011 was a particularly busy month, with three separate updates in a little over three weeks. In both March and August of this year, Adobe pushed out two updates.

In addition to sheer volume, there's the nuisance factor of the updating process, which is not automatic, typically requires closing all browser windows, and then demands multiple clicks to complete the update process. If you use Firefox and Internet Explorer, you need to install different updates for each browser (Google Chrome incorporates Flash Player directly into the browser and has its own auto-update mechanism.) For techies and IT pros who own or support multiple PCs, the process is compounded by the number of PCs under management.

So what are the alternatives to this tedious process for consumers and small businesses? The best option currently available, in my opinion, is one of several third-party auto-updaters that handle this work. I recommend two:

  • Ninite Updater costs $10 per year for a single machine, with volume discounts for multiple PCs that cut the annual cost per machine down to as little as $4. It supports 92 apps, including the frequently targeted Adobe Reader, Flash Player, and Java JRE.
  • Secunia Personal Software Inspector (PSI) is free for personal use. It requires a bit more interaction than Ninite's product, but it does an excellent job of updating programs after you make a few selections.

I would love to see Adobe release an updater that isn't so intrusive. Give me an updater that works like Windows Update, where I give it permission in advance to download and install updates as soon as they're available. That type of utility would offer a tremendous improvement in security for friends and family.

One thing I don't expect to see any time soon is an option to receive updates from Adobe and other third-party software developers through the Microsoft Update infrastructure. That's certainly possible, even likely, with apps developed for Windows 8 and sold through Microsoft's app store. But it won't happen for conventional Windows apps.

Meanwhile, anyone want to take bets on when the first Flash 11 update will arrive?

*Sources:

Topics: Operating Systems, Browser, Security, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

119 comments
Log in or register to join the discussion
  • The problem...

    Is that Adobe promised quarterly updates for Flash, unless there were serious security issues that warranted an out of cycle patch.

    That means we should have had 5 "planned", but instead we have had, maybe, 3 updates that could coincide with planned release dates and updates and 14 OMFGs!

    On the one hand, it is good news that Adobe are starting to take security seriously and release patches when there are critical problems with their platform, on the other hand, it is very worrying how often those "out of cycle" critical patches turn up.

    It is the main reason I have Flash disabled on all of my macines by default and enable it on a case by case basis (ClickToFlash or FlashBlock).

    We expect Windows to update monthly and it generally does so, quietly, in the background, and reports that a restart is necessary, when it has finished.

    But throw in Adobe Reader, Java, FileZilla, Firefox and a few other third party apps and it seems like you are being prompted for updates on a nearly daily basis.

    If Microsoft would open their updater technology to other software companies to deliver their updates, it would be a lot quieter on the desktop front - and possibly safer and quicker; on low powered machines, I generally remove the autoupdater apps that run in the background and clog up memory and processor cycles (my last client was still running on P4 machines with 256MB RAM, trying getting Flash and Java updaters and AV software to run nicely in that and still be able to work!).
    wright_is
    • RE: How many Flash Player updates is too many?

      @wright_is Adobe Flash has been and still is one of the most used vectors for attacking computers. It also is used all over the web. That is part of the reason why it patched on a monthly basis.

      Also other companies have started to help find bugs in flash player and other adobe products. Google donated some engineers and a huge amount of time to find bugs in flash player and help fix them.

      Also you would have to consider bandwidth issues if Microsoft allowed other companies to use there updater technology that can get pretty expensive quickly with all the updates that occur on a monthly basis.
      d_parker1
    • RE: How many Flash Player updates is too many?

      @wright_is
      I don't like multiple auto-updaters running on my PC either (I also disable them).
      There should be a section in the Window Update window for 3rd party updater services.

      Each service could have a check box to enable/disable it.
      After Windows has checked for and installed its update(s) it would activate each updater, one at a time.
      Each updater would retrieve and install its update(s) and then be shut off.
      This would be repeated until all the enabled updaters had completed their checks.

      Microsoft wouldn't supply the updates, they would come from the companies who provided the updaters.
      lehnerus2000
      • RE: How many Flash Player updates is too many?

        @lehnerus2000

        It should also be possible for any user to install security updates to programs that are already installed without an admin password. We're not talking about installing a brand new program, but updating one that is already there.

        It is really ridiculous that in 2011 75% of the applications on a PC are out of date and you can't update them because IT doesn't have time to come over and enter the admin password.
        Doctor Demento
      • RE: How many Flash Player updates is too many?

        @lehnerus2000 Please just admit you want the Linux updating model... please? ;-)
        jgm@...
      • RE: How many Flash Player updates is too many?

        @jgm@

        I admit that my suggestion sounds very similar to Linux updating.

        The Linux update system work well for programs that are in the repository.
        <b>If you manually install programs, you still have to manually update those programs.</b>

        Therefore you are no better off, than if you exclusively used MS software. :)
        lehnerus2000
      • RE: How many Flash Player updates is too many?

        @lehnerus2000 The only problem I see with auto updating for 3rd party software, would be for Satellite Internet users that have a max download of 300 to 350 megabytes a day.

        If you go over that amount, you lose your intenet for at least 24 hours, unless your willing to pay an extra fee to have it restored.

        And unfortunately for some like myself, this is not by choice, DSL and cable are not available for my area, even though I have a business.

        There is an unlimited time, which I believe is between 2:30 am to 6:00 am, but that would mean having to run back to the shop and make sure the updates took place.

        Even though I try to make sure the updates for Windows take place at 3:00 am, 1 rain/snow/wind storm and we have a lost signal, and then the internet doesn't always resume by itself, sometimes I have to reset the router manually.

        Satellite Sucks....
        Rapid Rec
    • RE: How many Flash Player updates is too many?

      @wright_is
      Using Microsoft's updater is an excellent idea for third party vendors to submit updates. It would provide one safe and secure place to receive updates. it could force some kind of integrity to the updater.
      TsarNikky
    • RE: How many Flash Player updates is too many?

      @wright_is As long as updates are needed to fix security holes to prevent low life hackers from compromising my computer I am happy to install them. They usually only take a moment or two to complete. I don't see a problem
      mongrel1999
      • RE: How many Flash Player updates is too many?

        @mongrel1999 There isn't a "problem" as such, it is just annoying having update pop-ups nearly every day for one app or another.
        wright_is
      • RE: How many Flash Player updates is too many?

        @mongrel1999 Okay, look at it this way how many actively exploited zero day attacks have there been? So that's how often Adobe Flash exposed your computer. Not such a benign picture is it? As Ed says these are increasing in their frequency.

        Flash is a disaster.
        Jeremy-UK
  • I've stopped using it

    It has often been a slow hard pain and this time I can't get the updating system to work - other than (after a struggle) to get back to the version I already had

    Long been fed up with how long it was taking
    Kept reading about vulnerabilities

    The sooner it is displaced by alternatives the better

    Adobe should think about what all this does to its reputation

    Especially after problems with security and bloat with its pdf reader. Would I try a big Adobe application first if there was an alternative??

    I appreciate that there are people at Adobe trying hard, but it can't be that the overall corporate system is right. Adobe you kicked me long enough and hard enough - I get the message
    Ross44
    • RE: How many Flash Player updates is too many?

      @Ross44 ... Adobe hasn't cared about their reputation for some time now. If they did, they would not expect theier user base to also be their beta testers. They are all about the benjamins...
      dwhipple
    • RE: I stopped using it

      Fine. How do you watch movies, see web sites built with Flash, fill out most forms, etc? It does have too many updates and upgrades, but it is a necessary application. I hope something comes up that can compete with it, so $Adobe$ feels the heat and lower the price, make better products.
      brike2001@...
      • RE: How many Flash Player updates is too many?

        @brike2001@... I don't know about @Ross44, I just don't do anything that requires flash on my main machine. I also won't run Adobe Acrobat Reader on my system. I DECIDE when I do updates; I don't want more crapware running in the background taking up cycles. I can't find a way to run the programs without the autoupdater and I won't tolerate it.
        mvpgoblue
      • I guess you have no clue of what Flash really is

        @brike2001@... Flash is NOT a video player. Flash is a development platform.

        There are very few "video" websites that require Flash today. Most use a Flash player as default but it is not required. For example, YouTube will work just fine (and more efficiently) on an HTML 5 compatible browser without Flash. Same thing for Hulu, Metacafe and lost of the top video websites.

        FACT: Flash is NOT required to play a video.
        wackoae
      • RE: How many Flash Player updates is too many?

        @brike2001@... While I haven't tried any myself, I belive there are alternatives for PDF's, such as Foxit reader, etc. Do a quick search on Google, and I believe you'll find some of them are free...
        Rapid Rec
  • RE: How many Flash Player updates is too many?

    I think Microsoft could help here, and potentially offer an auto-update API in Windows 8 that would allow security updates for third-party apps to be delivered via Windows Update. Apple is sort-of moving towards this with the Mac App Store, as you can download updates for all of the apps you have purchased from it using the App Store application.

    Provided any updates are merely to fix security flaws or general bugs, I don't see this being a major problem if they are installed silently using minimal user input.
    nrturner
    • RE: How many Flash Player updates is too many?

      @nrturner

      Happened for years in Linux, it's called repositories
      Alan Smithie
      • RE: How many Flash Player updates is too many?

        @Alan Smithie Good point. It's nice to have all 3 apps for Linux update so painlessly.
        goombawa