8 Replies Latest reply on Oct 29, 2014 8:38 AM by jednie

    Agressively intrusive updater /

    ForPia Level 1

      I am getting extremely annoyed by how intrusive and disruptive the Flash Player update process is. Here is what happens:

       

      • Some window pops up randomly ("Your Flash Player needs to be updated urgently"). You can click 'Update' or 'Remind me later'. The window cannot be minimized and is forced to stay in the foreground. Bad luck if you first need to do anything else on your computer.
      • If you click 'Update', the update process starts. A download window pops up. Again, it is impossible to resize or minimize and the windows is forced in the foreground, so it blocks all other programs for the entire update process. Bad luck if you're busy, especially if you have a slow internet connection.
      • After the install, EVERY SINGLE TIME a window pops up telling me that "Your update preferences have changed. Do you want to (1) update automatically, (2) confirm your update, (3) don't check for any update". Again, the window blocks everything else.

       

      Here's what should happen:

       

      • An unintrusive text buble and icon pops up in the notification area of my taskbar, telling me there is an urgent security update
      • When I click it and confirm I want the update to install, the update process runs in the background
      • If new options are available in the install process, the installer asks me once and then logs my preferences
      • Nothing else happens

       

      Difficult, isn't it.

       

      Is there any way to bypass this monstrosity of an update process (change in registry settings, ...)? And why doesn't Adobe sack the people that designed it?

        • 1. Re: Agressively intrusive updater /
          Mike M Level 6

          Right click ANY Flash Content and select "Global Settings"

          Under the Advanced tab, you can disable automatic updates.

          If you still see update notices after that, you have malware causing them.

          • 2. Re: Agressively intrusive updater /
            UserX

            I agree - the updater should remember our preference setting (in my case, 'Notify Only') - the statement that my update options have changed is a lie, the options remain the same every time - it's just Adobe chooses to ignore the selection I've made. I hear a lot of people complaining about this.

             

            The modal dialogs are a PITA too.

             

            I suppose I could disable automatic updates, but in fact I prefer to be NOTIFIED they are available, but in a subtle way that I can ignore for a while.

             

            FYI, Adobe, I did not buy my PC in order to run Flash - it has other, more important things to do. Software companies that assume users do nothing except run their magnificent application are too arrogant for my taste.

            • 3. Re: Agressively intrusive updater /
              jednie

              I tried right click on a flash image on a website and nothing happened.

              I don't want to update flash, ever, until I get a new computer.

              I'm annoyed that the latest flash updates can stop your flash

              viewing and hold your computer "hostage" until you update.

               

              Increasingly I find I'm fighting with my computer to get any work done at all.

              There's too many automatic "helpers" delaying every thing I try to do to get

              some work done. Not amused with it all. The computer is a tool for us, not the

              other way around.

              • 4. Re: Agressively intrusive updater /
                jeromiec83223024 Adobe Employee

                The user experience is not lost on us, and it's always a delicate balance between security and user experience.  Both your Browser and Flash Player spend the majority of their time processing remote, untrusted, potentially malicious content.  Very little other software on your computer falls into this category. 

                 

                Over the past few years, the security landscape has changed significantly, and we do want you to have the latest Flash Player.  We work closely with partners in academia, industry, and government to identify and resolve potential security threats based on emerging research and intelligence from the field.  Almost every Flash Player release includes important security updates, and they really are important if you're trying to keep your machine malware free.  We release monthly patches in tandem with Microsoft Patch tuesday, and if we're releasing a patch outside of that cycle, it's to address either a security threat that we've discovered being used in the wild (in which case, you *really* should want to patch), or there's some horrendous bug that we absolutely must patch because of a customer escalation or something.  That bar is very high.

                 

                So that's our thinking on the patch stuff.  We want you to be secure by default.  If you're browsing the same four sites all day and you're confident that no bad content will ever come your way, then we provide you mechanisms to disable the update.

                 

                For those of you that have expressed frustration with a particular experience, I'd be more than happy to advocate for fine-tuning things like the modal dialogs.  A lot of the installer action happens outside the Flash Player engineering group itself -- there's another group that makes the installer that we share across the various free products.  It helps me greatly when talking to external groups to show up armed with things like screen captures, details about the operating system and browser versions, any steps to reproduce, etc, but I'm always more than happy to go to bat for improving your experience.

                • 5. Re: Agressively intrusive updater /
                  jeromiec83223024 Adobe Employee

                  Also, Google Chrome comes with a built-in Flash Player that they maintain as part of their automatic update process.  There are no manual downloads and nothing to tinker with outside of Chrome itself.  If you want both the security and the simplification of eliminating manual Flash downloads, Chrome is worth taking a look at.

                  • 6. Re: Agressively intrusive updater /
                    jednie Level 1

                    The fine tuning for me would have to be: not disabling my previous version of flash in my browser.

                     

                    As to the rest of it: the key phrase here is: loss of control

                    I continually have to spend time to find hidden click boxes to regain control over my computer "experience".

                    Programmers continually find ways to create and hide those click boxes to prevent me from keeping control

                    over my computer. The result is animosity.

                    • 7. Re: Agressively intrusive updater /
                      jeromiec83223024 Adobe Employee

                      The blocked plug-in dialog is controlled by Safari, and I readily acknowledge that the user experience is less than stellar.  It is unlikely that improving the user experience aspect of this functionality is a priority for the Safari team, but you're always welcome to voice your opinion to Apple.  That's the most effective path for change in this instance.  There are much better examples of implementations of similar functionality in other popular browsers.  In the case of Chrome, you would just get the update and never notice that anything changed.  Firefox would present you with a dialog in the browser chrome instead of the area where the plug-in resides, which ensures that it's always adequately sized and legible. 


                      That said, both Adobe and Apple believe that the benefits of blocking vulnerable plug-ins before they become vectors for widespread infection far outweighs the minor inconvenience that blocking may impose.  There are rarely easy or convenient choices in these scenarios, but taking decisive action to prevent the spread of malware is by far the lesser of two evils.

                       

                      The alternative to blocking the plugin is that you're potentially left exposed to malware, the result of which could cause a far more egregious loss of control over your computer, your personal information, finances, reputation, or depending on what your work and country of residence is, life or freedom.  Like vaccinations, there's a critical herd-immunity component here.  If the vast majority of machines are protected by default, the economic incentive evaporates, and in the event that attackers are able to establish a foothold on a body of vulnerable machines, that pool of machines under the attacker's control is much smaller that it would be otherwise.

                       

                      I totally get where you're coming from -- the rapid pace of updates in the OS and browser space is not something that's lost on us by any means -- it make my life far harder in many regard, but the answer isn't returning to the early Windows XP days where network worms regularly infected millions of machines in attacks that persisted for months or years.  There's a holistic concern about the security and viability of the Internet that outweighs minor usability concerns.  Should we make the experience more seamless?  Absolutely.  Should we leave network-connected client endpoints in a permanently vulnerable state such that they can be used to infect other machines and networks with a continuously updated stream of malware?  Personally, I'm in the "no" camp and am happy to take occasional heat for it.

                      • 8. Re: Agressively intrusive updater /
                        jednie Level 1

                        Well, this looks like a good place to "vent".

                        I'm not happy with automatic updates for another reason too:

                        I use a dial up service for www access at home. It's okay cost wise if

                        I keep my data transfer below a certain amount each month. But if I go

                        over that amount of data transfer then I pay good money to do so. So I

                        don't allow myself to go over that data transfer amount.

                        Guess what happens if a few sneaky updates happen automatically?

                        Then those updates are not free. I have to shell out extra cash for them.

                        Especially virus updates and system updates, that don't let me schedule

                        them over two months.

                        So I'm heading back to the old routine of one computer for the www and

                        one computer which is not connected to www. (and guess which one I

                        use to get some work done? so leasing software is not a good option for me.)