Adobe Flash updater on Mac OS X – or how not to implement updaters

Since Apple stopped distributing Adobe Flash with Mac OS X there was a need for a new way to notify the user about new updates to Flash. There are several ways Adobe could have implemented this, but the way they chose to do it is probably the worst option.

The Flash Updater popup can be presented when you visit any webpage containing Flash content.

So what’s so wrong about it?

In my opinion, a lot.

  • If you go to any page that has Flash embedded it might trigger the update notification.
  • The update screen will not tell you which version you have installed, or which version will be installed.
  • It is very disruptive to your workflow.

So why is this all so bad?

First of all the fact that it can pop up at any webpage is setting users up to become victim of a “pop-up download”. A malicious website could easily create a pop-up that looks like the Adobe update notification and trick you into downloading and installing malware. The fact that there were a large number of reports of malware posing as an Adobe Flash update in 2011 seems to confirm this fear.

Not knowing which update you install is problematic, because it will it make hard for you to verify that the update was installed correctly. Finally the disruption to your workflow, because you need to close all your browsers to make the update, will mean that people are very likely to skip the update if they are in the middle of something serious.

How could it be improved?

In my opinion the update check should be decoupled from your browser usage. Probably the best solution would be if Apple would get its act together with the App Store and provide clear and prompt update checks (preferably on a configurable interval). However the chance is very small, since Apple doesn’t even allow a browser plugin in the App Store and Apple’s process to approve updates is at times not very transparent and slow.

What you can do

First of all, install a browser extension like Plugin Customs or Click To Plugin, so you know when there is flash content and therefor having more insight in when Flash is used. A plugin like NoScript or JavaScript Blocker can also help to limit the chances to be victim of a pop-up download. Second instead of trusting the Adobe Flash update notification you could use a tool like MacUpdate to regularly check for updates and install them.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.