Automatic updates will download from the adobe.com site; it's always legitimate.
Pop-up notifications that redirect you anywhere other than an adobe.com (or macromedia.com) site are not legit.
I personally always download updates manually on the day they become available:
Is there a method for ensuring that one downloads and installs only legitimate Flash Player updates? For that matter, any Adobe update?
I believe it's called "discretion".
If you don't trust it... don't download it... period.
That is not an answer. What characteristics/attributes would one look for
to acquire said trust?
Robert K. Ferguson CISM, CISSP, CCSK, IAM, MSIA
Senior Information Assurance Consultant
What characteristics/attributes would one look for to acquire said trust?
That's a loaded question simply because of the most obvious answer, which would be "Look for the Adobe® logo".
Problem is: there are THOUSANDS of fake sites and even more fake download "popups" with illegally used Adobe® logos in them.
You'll see legitimate "notifications" on booting up if there's an update available. The Adobe Application Manager and Adobe Updater use system date & time to notify you when an update is available. Reader and Flash Player have "scheduled" update implementation coded into the install. These update notifications will happen when you're not online, and will appear on your desktop with a "charcoal & red" themed window, and in the case of Reader, a system tray icon as well.
ANY legitimate online Flash Player update notification will appear in lieu of Flash content in a reputable site (YouTube, CNN, etc.) and will contain a "hoverable" link that will show in your browser's status bar as "http://get.adobe.com/flashplayer/". ANY link that points anywhere other than that should not be trusted... at all, even if it has "adobe" in the url. Many fakes will add those five letters to their fake download url to fool people. They'll also use words like "WARNING" and "BEWARE" which Adobe doesn't use.
A legitimate update doesn't need to, and WON'T, "scare you into downloading it". They also offer things like "Flash Player Pro" (which doesn't exist), or a version number that hasn't been released yet. A simple right click on ANY flash content will pop up a menu and "About Flash Player" in that menu will tell you what version you're currently running.
If you see something that doesn't look right, like "184.108.40.206" available, when you have a current version that's 220.127.116.11... don't trust it. Flash Player doesn't jump that far that fast.
That's why I say discretion is best. I know several people who will click on a link just because it pops up. A few of them are clients and it's gotten to the point that I no longer feel bad about charging them $80 for 10 minutes time to clean up a mess they've made because I've warned them repeatedly NOT TO CLICK things when they don't know what they are or where they came from or where they lead. I/T managers have to lock systems down to keep employees from doing that or they'd be fixing their systems 24/7. Not so easy with personal computers, especially if kids use them.
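The link check described in the thread (trust only adobe.com or macromedia.com, and distrust links that merely contain "adobe") can be written as a hostname comparison. This is an added example, not part of the original posts; every hostname other than the two trusted domains is constructed for illustration, and the function names are hypothetical.

```javascript
// Added example. Trusted domains are the two named in the thread;
// all other hostnames below are constructed samples.
const TRUSTED_DOMAINS = ["adobe.com", "macromedia.com"];

// Returns the parsed hostname when the link is on a trusted domain, else null.
function trustedHost(link) {
  let url;
  try {
    url = new URL(link); // throws on anything that is not an absolute URL
  } catch (e) {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // url.hostname is lower-cased, excludes any "user@" prefix and port,
  // and is punycode-encoded, so look-alike Unicode hosts never match.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Match the domain itself or a true subdomain; the leading "." stops
  // hosts such as "notadobe.com" from passing a plain suffix test.
  const ok = TRUSTED_DOMAINS.some(d => host === d || host.endsWith("." + d));
  return ok ? host : null;
}

// The check the fakes are built to pass: "does the link contain adobe?"
function naiveCheck(link) {
  return link.toLowerCase().includes("adobe");
}

// Constructed sample links: one genuine, the rest deceptive shapes.
const SAMPLES = [
  "http://get.adobe.com/flashplayer/",                      // genuine
  "http://get.adobe.com.update-flash.example/flashplayer/", // trusted name as a subdomain label
  "http://adobe-flashplayer.example/get.adobe.com/",        // trusted name in the path
  "http://get.adobe.com@downloads.example/flashplayer/",    // trusted name as userinfo
  "http://notadobe.com/flashplayer/",                       // shared suffix, different domain
];

function classify(links) {
  return links.map(link => ({
    link,
    naive: naiveCheck(link),
    trusted: trustedHost(link) !== null,
  }));
}

for (const r of classify(SAMPLES)) {
  console.log(`${r.trusted ? "TRUST " : "REJECT"} naive=${r.naive} ${r.link}`);
}
```

A passing result only establishes which site the link leads to; every sample passes the substring test, while the hostname comparison accepts only the first.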