Firefox's Flash warning goes unheeded
By Stuart Turton
Posted on 17 Sep 2009 at 09:48
Mozilla's attempt to shore up Firefox's security by warning users to upgrade their third-party plugins looks to be falling on deaf ears, if early numbers are anything to go by.
Mozilla began by warning Firefox users upgrading to either 3.5.3 or 3.0.14 to upgrade to the latest version of Flash, after it discovered that nearly 80% of Firefox users were running an outdated version of the plugin.
The message appears on the What's New landing page, and warns that "Your current version of Flash Player can cause security and stability issues", offering a link through to the Adobe website.
However, only 33% of those informed they had an outdated version of Flash clicked on a link to upgrade, according to figures presented by Mozilla's Ken Kovash.
The click through rate has remained steady ever since, suggesting that despite Mozilla's best efforts, people remain unconcerned of the dangers presented by unpatched software.
However, Kovash hailed the figures as a success when compared to the 5% of people who clicked through the links on the What's New page before the Flash warning appeared.
Mozilla has already confirmed that it plans to broaden the scheme to cover other plugins in future versions of the browser. "Firefox 3.6 will check for newer versions of plugins just like we check for newer versions of Firefox or extensions," the company says. "If it sees that you have one that’s out of date, you’ll be sent to that page."
From around the web
If the browser's border or title area blinked red every five minutes, just for 30 seconds or so, because of a very serious issue, surely the user would realize something was wrong and that they needed to investigate this further - hence leading them down the track to updating their software bits and pieces.
Its just an idea that they and other software developers could use if the old ideas don't work.
By nicomo on 17 Sep 2009 
never saw the warning on the page...
the page looked no different from any other time...so didn't pay it a lot of attention. Perhaps i am on the latest version.
I guess most users wont know that if they run IE and Firefox, they need two different versions of Flash.
Its good however that Firefox is even attempting to bring this to users attention.
I use Sumo (Software Updates Monitor) to try and plug the serious gaps, but with it all changing on a daily/weekly basis, how is anyone really supposed to keep up with all this?
Simon
By bouncy1 on 17 Sep 2009
33% is a signification percentage!
"Firefox's Flash warning goes unheeded" ... because only 10 million people upgraded.
10 million? That sounds like a lot of people taking heed.
By peterm2k on 17 Sep 2009
I'm not surprised
I did click on the link and it made my Firefox almost unusable since every time I go to a page with Flash on it, that page now takes so long to load that I close the browser down and do something else instead. Uninstalling and reinstalling hasn't helped either.
By IanT9 on 17 Sep 2009
Automatic Update
Most Firefox add-ons will automatically update, so why can't adobe set up their flash plug-in to do the same.
All the end user then has to do is accept the update, rather than being sent to some other site to do the update.
By ChrisRiddick on 17 Sep 2009
Adobe needs to get Flash to update as easily and automatically as Firefox and other software. It is an entirely manual procedure at the moment, and a tedious one as it needs to be done separately for both IE and Firefox.
Why can't Flash be updated via the Adobe Updater that is installed with Adobe Reader?
No-one reads the "you've just upgraded" page as Firefox updates are so frequent and the page doesn't normally contain anything important. I agree with other comments - 33% is a surprisingly high proportion.
By halsteadk on 17 Sep 2009
Users don't trust these update-notifications..
.. and quite rightly so.
"If the browser's border or title area blinked red every five minutes, just for 30 seconds or so, because of a very serious issue.. "
On the contrary, they would assume this was being done by a malicious website trying to spoof them into installing a Trojan, and would respond by closing the browser and/or rebooting.
The issue here is that modern browsers allow Javascript to fake system dialogs. This is, IMHO an Very Bad Policy, as it means the user can now trust nothing, all popups and update-notifications must be assumed hostile.
This, I suspect, is why so few respond to the warning.
By Anteaus on 17 Sep 2009
Just because people don't click on *that* link, doesn't mean they are not updating. Likewise, people could click, get confused and give up, but it gets counted.
This is where you can set Flash to check for updates:
http://www.macromedia.com/support/documentation/en
/flashplayer/help/settings_manager05.html
Maximum is every 7 days.
You can also find and delete all those Flash cookies.
By davidsoap on 18 Sep 2009
It's a good idea but following through forced Adobe updater/Adobe GetPlusPlus on me - never again will I trust such a message, I simply cannot stand updater apps.
By thewelshbrummie on 18 Sep 2009
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
