How many Flash Player updates is too many?
Summary: The single most common complaint I hear about Flash Player is that there are too many updates. But are there really? I couldn't find a comprehensive list, so I made my own. Guess how many updates Adobe has delivered this year alone?
You want to set off a firestorm of comments from angry and frustrated PC users? Just write about Adobe's Flash Player.
Last week I wrote about a pair of new security studies that emphasize the importance of updating widely used third-party products like Adobe's Flash Player and Reader to avoid becoming a victim of drive-by malware installations. I was prepared for, shall we say, full and frank feedback. (That's the euphemism politicians use when they really mean a knock-down, drag-out screaming match.) And I wasn't disappointed.
The single most common complaint I heard was about the frequency of updates for the Flash Player, and what a pain in the rear the update process is, especially for Windows users. But one thing I have never seen is an actual count of just how often the Flash Player gets updated. That list is not in Wikipedia, it's not on Adobe's product pages for Flash runtimes, and I couldn't find anyone else who had done the work.
So I decided to do it myself, pulling together what I believe is a complete list, using a variety of sources.* (If you have corrections or additions, feel free to leave them in the Talkback section or send me a note.)
Flash Player 10 was released in October 2008. I can't find any details about updates to the 10.0 release, so my census starts with version 10.1, which was released exactly 16 months ago. All of the following updates are for Windows; you'll find minor variations in version numbers and release dates if you look at other platforms, although the general timeline is the same.
- Flash Player 10.1.53.64 – June 10, 2010 (10.1 initial release)
- Flash Player 10.1.82.76 – August 10, 2010
- Flash Player 10.1.85.3 – September 20, 2010
- Flash Player 10.1.102.64 – November 4, 2010
- Flash Player 10.2.152.26 – February 8, 2011 (10.2 initial release)
- Flash Player 10.2.152.32 – March 8, 2011
- Flash Player 10.2.153.1 – March 21, 2011
- Flash Player 10.2.159.1 – April 17, 2011
- Flash Player 10.3.181.14 – May 12, 2011 (10.3 initial release)
- Flash Player 10.3.181.16 (Windows only) – May 31, 2011
- Flash Player 10.3.181.22/23 – June 5, 2011
- Flash Player 10.3.181.26 – June 14, 2011
- Flash Player 10.3.181.34 – June 28, 2011
- Flash Player 10.3.183.5 – August 9, 2011
- Flash Player 10.3.183.7 – August 26, 2011
- Flash Player 10.3.183.10 – September 21, 2011
- Flash Player 11.0.1.152 – October 3, 2011 (11.0 initial release)
Wow, that is indeed a lot of updates. By my count, the Flash Player for Windows has been updated 17 times in the 16 months since Flash Player 10.1 was officially released. The pace has picked up this year, with 13 individual updates in the past eight months alone.
Most of the updates address security issues. (One noteworthy exception is the May 31 update to version 10.3.181.14, which fixed a horrible bug with Internet Explorer 9 and hardware-accelerated graphics.) Several of them were released to address zero-day vulnerabilities that were being used in targeted attacks by malware authors.
June 2011 was a particularly busy month, with three separate updates in a little over three weeks. In both March and August of this year, Adobe pushed out two updates.
In addition to sheer volume, there's the nuisance factor of the updating process, which is not automatic, typically requires closing all browser windows, and then demands multiple clicks to complete the update process. If you use Firefox and Internet Explorer, you need to install different updates for each browser (Google Chrome incorporates Flash Player directly into the browser and has its own auto-update mechanism.) For techies and IT pros who own or support multiple PCs, the process is compounded by the number of PCs under management.
So what are the alternatives to this tedious process for consumers and small businesses? The best option currently available, in my opinion, is one of several third-party auto-updaters that handle this work. I recommend two:
- Ninite Updater costs $10 per year for a single machine, with volume discounts for multiple PCs that cut the annual cost per machine down to as little as $4. It supports 92 apps, including the frequently targeted Adobe Reader, Flash Player, and Java JRE.
- Secunia Personal Software Inspector (PSI) is free for personal use. It requires a bit more interaction than Ninite's product, but it does an excellent job of updating programs after you make a few selections.
I would love to see Adobe release an updater that isn't so intrusive. Give me an updater that works like Windows Update, where I give it permission in advance to download and install updates as soon as they're available. That type of utility would offer a tremendous improvement in security for friends and family.
One thing I don't expect to see any time soon is an option to receive updates from Adobe and other third-party software developers through the Microsoft Update infrastructure. That's certainly possible, even likely, with apps developed for Windows 8 and sold through Microsoft's app store. But it won't happen for conventional Windows apps.
Meanwhile, anyone want to take bets on when the first Flash 11 update will arrive?
*Sources:
- Adobe Flash Platform Runtime Releases (blog)
- Flash Player 10.3 Release Notes
- Flash Player 10.2 Release Notes
- Flash Player 10.1 Release Notes
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
The problem...
That means we should have had 5 "planned", but instead we have had, maybe, 3 updates that could coincide with planned release dates and updates and 14 OMFGs!
On the one hand, it is good news that Adobe are starting to take security seriously and release patches when there are critical problems with their platform, on the other hand, it is very worrying how often those "out of cycle" critical patches turn up.
It is the main reason I have Flash disabled on all of my macines by default and enable it on a case by case basis (ClickToFlash or FlashBlock).
We expect Windows to update monthly and it generally does so, quietly, in the background, and reports that a restart is necessary, when it has finished.
But throw in Adobe Reader, Java, FileZilla, Firefox and a few other third party apps and it seems like you are being prompted for updates on a nearly daily basis.
If Microsoft would open their updater technology to other software companies to deliver their updates, it would be a lot quieter on the desktop front - and possibly safer and quicker; on low powered machines, I generally remove the autoupdater apps that run in the background and clog up memory and processor cycles (my last client was still running on P4 machines with 256MB RAM, trying getting Flash and Java updaters and AV software to run nicely in that and still be able to work!).
RE: How many Flash Player updates is too many?
Also other companies have started to help find bugs in flash player and other adobe products. Google donated some engineers and a huge amount of time to find bugs in flash player and help fix them.
Also you would have to consider bandwidth issues if Microsoft allowed other companies to use there updater technology that can get pretty expensive quickly with all the updates that occur on a monthly basis.
RE: How many Flash Player updates is too many?
I don't like multiple auto-updaters running on my PC either (I also disable them).
There should be a section in the Window Update window for 3rd party updater services.
Each service could have a check box to enable/disable it.
After Windows has checked for and installed its update(s) it would activate each updater, one at a time.
Each updater would retrieve and install its update(s) and then be shut off.
This would be repeated until all the enabled updaters had completed their checks.
Microsoft wouldn't supply the updates, they would come from the companies who provided the updaters.
RE: How many Flash Player updates is too many?
It should also be possible for any user to install security updates to programs that are already installed without an admin password. We're not talking about installing a brand new program, but updating one that is already there.
It is really ridiculous that in 2011 75% of the applications on a PC are out of date and you can't update them because IT doesn't have time to come over and enter the admin password.
RE: How many Flash Player updates is too many?
RE: How many Flash Player updates is too many?
I admit that my suggestion sounds very similar to Linux updating.
The Linux update system work well for programs that are in the repository.
<b>If you manually install programs, you still have to manually update those programs.</b>
Therefore you are no better off, than if you exclusively used MS software. :)
RE: How many Flash Player updates is too many?
If you go over that amount, you lose your intenet for at least 24 hours, unless your willing to pay an extra fee to have it restored.
And unfortunately for some like myself, this is not by choice, DSL and cable are not available for my area, even though I have a business.
There is an unlimited time, which I believe is between 2:30 am to 6:00 am, but that would mean having to run back to the shop and make sure the updates took place.
Even though I try to make sure the updates for Windows take place at 3:00 am, 1 rain/snow/wind storm and we have a lost signal, and then the internet doesn't always resume by itself, sometimes I have to reset the router manually.
Satellite Sucks....
RE: How many Flash Player updates is too many?
Using Microsoft's updater is an excellent idea for third party vendors to submit updates. It would provide one safe and secure place to receive updates. it could force some kind of integrity to the updater.
RE: How many Flash Player updates is too many?
RE: How many Flash Player updates is too many?
RE: How many Flash Player updates is too many?
Flash is a disaster.
I've stopped using it
Long been fed up with how long it was taking
Kept reading about vulnerabilities
The sooner it is displaced by alternatives the better
Adobe should think about what all this does to its reputation
Especially after problems with security and bloat with its pdf reader. Would I try a big Adobe application first if there was an alternative??
I appreciate that there are people at Adobe trying hard, but it can't be that the overall corporate system is right. Adobe you kicked me long enough and hard enough - I get the message
RE: How many Flash Player updates is too many?
RE: I stopped using it
RE: How many Flash Player updates is too many?
I guess you have no clue of what Flash really is
There are very few "video" websites that require Flash today. Most use a Flash player as default but it is not required. For example, YouTube will work just fine (and more efficiently) on an HTML 5 compatible browser without Flash. Same thing for Hulu, Metacafe and lost of the top video websites.
FACT: Flash is NOT required to play a video.
RE: How many Flash Player updates is too many?
RE: How many Flash Player updates is too many?
Provided any updates are merely to fix security flaws or general bugs, I don't see this being a major problem if they are installed silently using minimal user input.
RE: How many Flash Player updates is too many?
Happened for years in Linux, it's called repositories
RE: How many Flash Player updates is too many?