Editorial

TechSpot: Adobe's Flash Updater is Bloated and Shady

Being one of the most prolific sources of security vulnerabilities in Windows and other platforms, Adobe Flash Player needs no introduction. In spite of that reputation, and the fact that the rest of the industry is moving away from Flash, Microsoft surprised many of us by bundling the software with its operating system for the first time with Windows 8. This is after previously announcing that they wouldn't allow Flash in the Metro version of Internet Explorer 10 -- a decision the company later reversed.

I was glad when the Adobe Flash Player Updater was released in March. Finally the day had come when our machines would be silently updated with the latest Flash version... or so I thought. It'd just seem Adobe is making all possible efforts to make its software more bloated and less attractive to all consumers, here's why.

Read: Adobe's Flash Updater is Bloated and Shady

These articles are brought to you in partnership with TechSpot.

Report a problem with article
Previous Story

We finally unbox the Nokia Lumia 920

Next Story

Surface “killing” blamed on lack of distribution

38 Comments

Commenting is disabled on this article.

I think that this is simply an issue of desire. It wouldn't be difficult for them to incorporate a detector into a unified updater app and in turn bundle that unified flash updater into Adobe Update which comes with most commercial Adobe programmes.

if (activeXInstalled == true) then
updateActiveX
end if
if (pluginInstalled == true) then
updatePlugin
end if

'Rocket science' levels of logic I know.

Yet Adobe seem to release a different version of Adobe updater for every new release of CS and Adobe Reader and they seldom seem to interoperate.

So to me it suggests that they do not want to do it, with flash the answer is obvious; they want to cash the pay cheque from Google and McAfee etc. for spamware installations. They are willingly sacrificing user security for revenue.

They should have abandoned the use of these silly multi-click custom user interface updaters years ago and simply released a MSI version ONLY. Yes you can get a MSI installer version, but you are supposed to jump through a series of paranoid hoops to get hold of it.

Deploy the MSI and business users keep their networks up to date and they can do both the ActiveX and plug-in versions at the same time, no drippy user interface to deal with. So to that end there is no reason why it cannot be the same for consumers.

Their argument is going to be about needing users to accept the EULA: so tell me about Chrome and IE10 users in that statement?

Breach said,
Some good points, but I stopped reading when the Flash bashing started.

I came in here for the comments only Personally I've never had problems with flash. I've seen it happen, most certainly, but I'm sure that folks just picked a bad batch of hardware. It happens.

Some folks don't understand that you can't just pick your favorite brands/best deals and put'em all together. PC Building is VERY delicate. There's a ton of hardware out there that's miss match. Just because the OS boots, doesn't mean the hardware is compatible. Just wait for the BSOD and flash errors (or other CPU related tasks) Rendering etc...

This is also one more reason why I use patchmypc. I uses the silent update feature of flash and installs none of the junk that comes along with it.

warwagon said,
This is also one more reason why I use patchmypc. I uses the silent update feature of flash and installs none of the junk that comes along with it.

not entirely true; ccleaner updates install google toolbar.

Same here. I was playing SimCity and Sim Social on facebook, but it keep crash often. I suspected it was Windows Vista is soooo slowest than Windows 7. I tested it on Windows 7 and it was so smoothly and faster than windows vista. Soon I will get new computer with Windows 7 with 8GB RAM memory, so I can enjoy them soon.

I apply for the free Flash Redistribution license. The agreement prevents me from directly linking the download page, but if you sign up you can gain direct access to crapware free exe/msi installers of Flash with no fuss directly from Adobe. Just tell them you're doing enterprise/internal deployments, and then they'll send you the clean download page link.

http://www.adobe.com/products/...sh-player-distribution.html

They have equal direct download redist agreements for AIR, Adobe Reader, and (assuming anyone still installs it) Shockwave.

I have worked with Flash for many years and have seen it grow and change in that time.

What I can say, from my experiences, it that since Adobe took over it went from bad to worse, as have many of their products.

The video playback is just crap, jumpy, certain players like YouTube seem to not function at all well, not letting you rewind to the correct point etc.. You cannot even set movies to loop.

I too hoped the auto update would just happen in the background and I would never need bothering again, not at all.

Everyday, my little angry moment comes when the browser hangs as Flash starts to do its thing, my GPU fires up ( from integrated to discrete ) and then the whole machine slows down and the fans come on.

This option bloatware is only an issue for users who click continue without reading what they are installing. Sadly this is 90% of users.

A few months ago there was an option to let it update on its own. Most people in our company checked it. Now all of those people have chrome as default browser and our application requires ActiveX. Total F ing BS.

Same complaints here. When I get an announcement on my machine in the morning, I quickly run around to the other 30 machines and get the update. The last time I didn't, I found either McAfee or Chrome sitting on half the machines or got calls as to why its doing what its doing.

When something asks me if I want automatic updates, make the damned things automatic and don't use it to attempt to trick people into getting third party softwares. When I go install a new piece of software, I'm expecting to read carefully and make decisions. When my workers who are trained to use the computers for a particular purpose get prompts about doing things, they don't always make the correct decisions. If the damned question was "Notify when new versions are available" it would be one thing, but its not, it very expressly says "Install updates automatically when available"..but it doesn't..it pops up and directs workers to a webpage.

Great article. 100% agree. For bonus points, the author actually found a valid reason to support the use of Zynga's crappy games, where I fought there was none.

If flash wasn't used so much, to death in fact, I wouldn't allow this thing on any computer I control. As it is, it's disabled in all browsers until I enable it.

As mentioned above, I uninstall Java even from customers computers, most of the time also.

Those are 2 of the most unsecure, bloated, pieces of trash in existence. Way to bad they are almost must haves, sometimes.

I have seen this happen about 80-100 times on a group of about 3000 machines. Thank God I figured out a way to push out silent updates for all the machines to the latest version. Easier then telling people how to update.

Started reading the article, when they came with a Flash update opens the flash website before you download it, and they complain about this.
While Flash has an autoupdater which doesnt need the website for at least a year already. (after initial download).
And the autoupdater updated both the IE and FF/Opera flash.
Crying allot about addonware and toolbars... Which is normal with ALLOT of software.
Even CCleaner asks me to install crapware.

Bad review, i stopped reading after all that nonsense in the first half tho.

Shadowzz said,
i stopped reading after all that nonsense in the first half tho.

Maybe you stopped reading because you ran out of screen space due to all the toolbars your system must have. It might also explain why your post is formatted so badly. Enjoy your trashed system.

Shadowzz said,
Started reading the article, when they came with a Flash update opens the flash website before you download it, and they complain about this.
While Flash has an autoupdater which doesnt need the website for at least a year already. (after initial download).
And the autoupdater updated both the IE and FF/Opera flash.
Crying allot about addonware and toolbars... Which is normal with ALLOT of software.
Even CCleaner asks me to install crapware.

Bad review, i stopped reading after all that nonsense in the first half tho.


Maybe you should not have stopped reading before assuming allot of things.
The updater DOES NOT update to new point releases, that is it can update from 10.4.2 > 10.4.3 but it can NOT update from 10.4 to 10.5, I even linked to a open bugbase article at Adobe where they confirm this!

Java's updater does the same nonsense. The Ask Toolbar is preselected for installation every time the user is prompted to update. As a result of this, and also just for the sake of better security, I just uninstall Java on every machine under my influence. If someone did have a genuine reason for having Java, it's still easier to fix than dealing with all the cr*pware.

"This is after previously announcing that they wouldn't allow Flash in the Metro version of Internet Explorer 10 -- a decision the company later reversed."

Not true. MS said they wouldn't allow any plugins in Metro IE10, including Flash. But Flash is not a plugin in IE10. It's built in to the browser itself. I'm sure MS planned this from the start because it would take time to do.

It was mainly done to improve security as the plugin standard used in browsers is very limited and filled with holes. Most of the time security problems and crashes are not Flash Players fault but the ancient broken plugin method that it has to use.

1Pixel said,
"This is after previously announcing that they wouldn't allow Flash in the Metro version of Internet Explorer 10 -- a decision the company later reversed."

Not true. MS said they wouldn't allow any plugins in Metro IE10, including Flash. But Flash is not a plugin in IE10. It's built in to the browser itself. I'm sure MS planned this from the start because it would take time to do.

It was mainly done to improve security as the plugin standard used in browsers is very limited and filled with holes. Most of the time security problems are not Flash Players fault but the ancient broken plugin method that it has to use.


Actually no, they wanted to go flashless with IE10metro, as Apple does with iOS safari.

Shadowzz said,

Actually no, they wanted to go flashless with IE10metro, as Apple does with iOS safari.

No they didn't. No where have they ever said this. MS have only ever said there will be no plugin support, and mentioned the Flash PLUGIN wouldn't be supported. Any site that has said MS didn't intend to support Flash at all was inccorrect, it was a wrong assumption. Just like with this article.

1Pixel said,

No they didn't. No where have they ever said this. MS have only ever said there will be no plugin support, and mentioned the Flash PLUGIN wouldn't be supported. Any site that has said MS didn't intend to support Flash at all was inccorrect, it was a wrong assumption. Just like with this article.

Steven Sinofsky himself sure as hell strongly implied it.
http://blogs.msdn.com/b/b8/arc...and-plug-in-free-html5.aspx

Why did Microsoft actually allow Flash in the end? Did Adobe cut a deal with Microsoft, did the opposite occur, or did Microsoft make the decision internally? Does anyone actually know? You can make a good assumption that had Adobe not relinquished control over the ActiveX plugin publishing to Microsoft, it wouldn't be included in Windows 8, and it wouldn't work in WinRT IE.

Also, anyone who thinks that Flash is not still an ActiveX plugin is probably wrong. It is not directly "part" of IE. The ActiveX plugin that both WinRT and Desktop IE use is in the exact same place on Windows 8 as it was in Windows 7, and it sure still looks like an ActiveX plugin to me:

C:\Windows\SysWOW64\Macromed\Flash\
C:\Windows\System32\Macromed\Flash\

The primary difference between the Flash ActiveX plugin between Windows 7 and Windows 8, is that the one you install in Windows 7 is digitally signed by Adobe, and the one that is part of Windows is signed by Microsoft's third party signature.

FalseAgent said,
Am I the only one that never had any issues with Flash before? (Windows only, Flash on OSX is horrible)

"never had any issues with Flash"
"Flash on OSX is horrible"
Sounds like you had an issue.

FalseAgent said,
Am I the only one that never had any issues with Flash before? (Windows only, Flash on OSX is horrible)

Shenanigans. Flash on Mac OS 10 is no better or worse than Windows. When it has problems, it can have them equally on both platforms.

I completely agree with the article related to the updater. Flash's "auto-updater" isn't worth a damn on either platform, especially if your users don't have administrative access to the machine. I've never seen it actually silently auto-update, I've always seen it pester users for interaction or finally get around to announcing that it's out of date.

Even with the most recent versions, I always have to deploy new versions through SCCM/SCUP for Windows and ARD/Radmind for Mac OS. The only exception, the only version of Flash that actually can properly and silently auto-update, even when it's in use, is the Windows 8 ActiveX plugin that comes down through Windows Update.

Kaedrin said,

Shenanigans. Flash on Mac OS 10 is no better or worse than Windows.

I often use my Windows virtual machine to view some Flash heavy content because the OSX version of Flash runs so much slower (and causes considerable load on the CPU).

virtorio said,

I often use my Windows virtual machine to view some Flash heavy content because the OSX version of Flash runs so much slower (and causes considerable load on the CPU).

I'd be more inclined to agree that the ActiveX plugin of Flash performs better than the Flash plugin, at least when using IE9 or IE10, but I'd attribute that more to IE itself. If we're just talking about the plugin, I haven't really noticed a difference between OS platforms, but have between browsers. If you have a good example you can reference, feel free to point it out and I'll see how it behaves on my end of things.

Kaedrin said,

Shenanigans. Flash on Mac OS 10 is no better or worse than Windows. When it has problems, it can have them equally on both platforms.

I completely agree with the article related to the updater. Flash's "auto-updater" isn't worth a damn on either platform, especially if your users don't have administrative access to the machine. I've never seen it actually silently auto-update, I've always seen it pester users for interaction or finally get around to announcing that it's out of date.

Even with the most recent versions, I always have to deploy new versions through SCCM/SCUP for Windows and ARD/Radmind for Mac OS. The only exception, the only version of Flash that actually can properly and silently auto-update, even when it's in use, is the Windows 8 ActiveX plugin that comes down through Windows Update.

Playing video through flash on my core 2 duo macbook pro wrecks the battery life. Seems to consume the entire CPU . Not so on any of my Windows machines.

FalseAgent said,
Am I the only one that never had any issues with Flash before? (Windows only, Flash on OSX is horrible)

Flash on Linux is horrible. A big lag especially used in Firefox itself. Chrome seems to be better. All other open source browser are following the core of Firefox. lol

On Mac... Leggy too

What? I thought you write the whole thing.
Well, my experience with the latest flash update is that crashed my graphics card, now some how another small update fixed the problem.

Applications shouldn't cause driver crashes so I don't really think it's Adobe's fault for that but rather a graphic driver bug that was triggered by something Flash did.

Adobe retardedly putting on Acrobat 11 and Reader 11 a print screen so big it that it can't be used on netbooks or computers with higher DPIs on the other hand... (not to mention Reader 11 process sometimes doesn't close and starts using 100% CPU in background to download Adobe Online ads) makes me wonder if they do even tests their applications before release. Let's also not forget all the people for which Flash stops working between updates because they never do a proper migration of their settings, I had to run the flash uninstaller several times this year alone...