Sorry, Adobe: Flash is the new Vista

Hey Adobe: Apple and Microsoft say you have reliability and security problems with Flash Player. A whole lot of my readers say the same thing. As do I. So, uh, when do you plan to address that elephant in the room?
Written by Ed Bott, Senior Contributing Editor

Here's some advice, Adobe. The first step on the road to recovery is admitting that you have a problem.

Yes, I know you'd rather frame your fight with Apple as a high-minded crusade for freedom, but your customers think differently. When I hear fellow PC users talk about Flash these days, I hear the exact same frustration and exasperation I heard during Vista's first year on the market. That is not the kind of word of mouth you want.

And make no mistake about it, those concerns are real. Was Steve Jobs exaggerating when he called Flash the biggest source of crashes on the Mac? Maybe a little, but I bet he has some pretty grim statistics to back that statement up. And Microsoft is reinforcing that same message, albeit more politely and with masterful understatement. Here's what IE boss Dean Hachamovitch had to say two weeks ago:

Flash does have some issues, particularly around reliability, security, and performance. We work closely with engineers at Adobe, sharing information about the issues we know of in ongoing technical discussions.

"Some issues"? Yeah, that's one way of putting it. My own experience fits right in. I discovered yesterday that Internet Explorer crashes on my wife's PC once or twice a day. The Windows 7 Reliability Monitor says Adobe's Flash Player is to blame (yes, it's up-to-date), and it offers a step-by-step solution: Uninstall the Flash Player, reboot, and reinstall Flash. (The Microsoft prescription is, in fact, the exact same set of steps I recommended right here back in January.)


I did exactly that, and guess what? Today, at 7:42AM, another Flash crash. At the same time on the same PC, TweetDeck, an app that runs on the Adobe Air platform, had stopped responding. The crash report fingered that same Flash ActiveX control version as the cause.

Update: Via Twitter, Adobe's John Dowdell questions my report on the TweetDeck crash. I got one small detail wrong. It was FlashUtil10e.exe, not the Active X control, Flash10e.ocx. Both versions were the same, Here's the crash report from Windows:


Oh, and just a little while ago the latest Adobe Reader update failed on another PC, with this not-so-helpful message: "Update failed. Cannot install this update. Please run Adobe Reader Repair. Error:1500."

So pardon me if I feel cranky about your software right now, Adobe.

Look, Apple and Microsoft say you have reliability and security problems with Flash Player. A whole lot of my readers say the same thing. And so do I. We're all sort of waiting for you to acknowledge that the number of times people have a negative experience with Flash is too high. Until you address that elephant in the room, no one is really interested in hearing much more about openness and freedom. (Well, except for the FTC and the DOJ, but that's a different issue completely.)

And then there's security. According to Microsoft's most recent Security Intelligence Report, published earlier this week, a Flash Player exploit was the most commonly exploited browser vulnerability in the first half of last year. The list of security updates for Flash Player is depressingly long. So, how are you planning to convince us that you've gotten serious about security?

I talked to an Adobe spokesperson earlier this week and heard all about the big improvements coming in Flash Player 10.1. Product Manager Tom Nguyen told me, "We're looking after the interests of our end users and customers," and ticked off a list of improvements that are on the way: support for more mobile devices and more operating systems, better performance, improvements in power usage (and thus improved battery life), support for hardware-accelerated H.264 video. Those are all big, important features.

What I didn't hear was a promise and a plan to deliver a more reliable, more secure product. Should we expect Flash 10.1 to crash less and be more resistant to attacks than Flash 10 or Flash 9? Why? What have you learned about how to stop customers from having a crappy experience and how are you applying those lessons? "Well," I was told, "there's an improved installer."

Not the answer I was hoping for.

Microsoft responded to the mess that was Vista by bringing in a new boss, Steven Sinofsky, who changed the internal culture on the Windows team quickly and decisively. He also brought in a lot of engineering discipline and an unprecedented level of communication about the Windows 7 development process via detailed, sometimes epic posts on the E7 Blog.

Adobe has profound issues of quality and negative perception to deal with, just as Microsoft did with Vista. But in Flash they also have a product that is going to be severely challenged by HTML5 and Silverlight and probably some other products and technologies we don't even know about right now. I'm certain Flash will still be around in five years and probably in 10 years. But it will be much less important than it is today.

The big question for Adobe is whether they can shut down the complaints about Flash by delivering a product that "just works." Oh, and at the same time stake out a future for a Web running on HTML5. Good luck with that.

Editorial standards