You want to set off a firestorm of comments from angry and frustrated PC users? Just write about Adobe's Flash Player.
Last week I wrote about a pair of new security studies that emphasize the importance of updating widely used third-party products like Adobe's Flash Player and Reader to avoid becoming a victim of drive-by malware installations. I was prepared for, shall we say, full and frank feedback. (That's the euphemism politicians use when they really mean a knock-down, drag-out screaming match.) And I wasn't disappointed.
The single most common complaint I heard was about the frequency of updates for the Flash Player, and what a pain in the rear the update process is, especially for Windows users. But one thing I have never seen is an actual count of just how often the Flash Player gets updated. That list is not in Wikipedia, it's not on Adobe's product pages for Flash runtimes, and I couldn't find anyone else who had done the work.
So I decided to do it myself, pulling together what I believe is a complete list, using a variety of sources.* (If you have corrections or additions, feel free to leave them in the Talkback section or send me a note.)
Flash Player 10 was released in October 2008. I can't find any details about updates to the 10.0 release, so my census starts with version 10.1, which was released exactly 16 months ago. All of the following updates are for Windows; you'll find minor variations in version numbers and release dates if you look at other platforms, although the general timeline is the same.
Wow, that is indeed a lot of updates. By my count, the Flash Player for Windows has been updated 17 times in the 16 months since Flash Player 10.1 was officially released. The pace has picked up this year, with 13 individual updates in the past eight months alone.
Most of the updates address security issues. (One noteworthy exception is the May 31 update to version 10.3.181.14, which fixed a horrible bug with Internet Explorer 9 and hardware-accelerated graphics.) Several of them were released to address zero-day vulnerabilities that were being used in targeted attacks by malware authors.
June 2011 was a particularly busy month, with three separate updates in a little over three weeks. In both March and August of this year, Adobe pushed out two updates.
In addition to sheer volume, there's the nuisance factor of the updating process, which is not automatic, typically requires closing all browser windows, and then demands multiple clicks to complete. If you use Firefox and Internet Explorer, you need to install different updates for each browser. (Google Chrome incorporates Flash Player directly into the browser and has its own auto-update mechanism.) For techies and IT pros who own or support multiple PCs, the hassle is multiplied by the number of PCs under management.
So what are the alternatives to this tedious process for consumers and small businesses? The best option currently available, in my opinion, is one of several third-party auto-updaters that handle this work. I recommend two:
I would love to see Adobe release an updater that isn't so intrusive. Give me an updater that works like Windows Update, where I give it permission in advance to download and install updates as soon as they're available. That type of utility would offer a tremendous improvement in security for friends and family.
One thing I don't expect to see any time soon is an option to receive updates from Adobe and other third-party software developers through the Microsoft Update infrastructure. That's certainly possible, even likely, with apps developed for Windows 8 and sold through Microsoft's app store. But it won't happen for conventional Windows apps.
Meanwhile, anyone want to take bets on when the first Flash 11 update will arrive?