Not cool, Adobe: Give the Ninite guys a job, not the middle finger

Top toolmaker told to stop installing crapware-free Flash

Sysadmin blog: Adobe wants the ability to easily roll out Flash updates removed from Ninite, the sysadmin Swiss army knife. I'm going to explain why this is a terrible thing.

First, though, I would like to discuss the real-world practical uses of products such as Ninite. Ninite is used by systems administrators and ordinary folk alike to install common third-party software. Far more importantly, Ninite and its ilk are used to ensure that these applications are kept up-to-date.

Ninite – and other applications like it – are the good guys of the internet. Unlike modern smartphones, Windows PCs do not have a foolproof mechanism by which third-party applications can be kept up to date. (No, the abomination formerly known as Windows 8's Metro and its software store spawn do not count.) When a security flaw is discovered in an app, a patch must be issued by the software's vendor to fix it. That patch must either be disseminated through the vendor's update application or manually downloaded by the user.

Adobe's products are a security nightmare. Reader, Flash and Air are – alongside Oracle's Java browser plugin – the screen door through which the raw unfiltered sewage of the internet oozes into the homes of netizens. These products are awful, the security is worse and the management of them over the years beggars belief.

Even trying to find a web page that discusses the problem in a condensed form to link to proves overwhelming. The sheer volume of posts when you search for any of those products and "security" or "vulnerability" stalls the mind.

Ninite offers an installer that downloads the latest version of Flash from Adobe's own website (which is entirely different from unlicensed redistribution) and performs a silent install free of the unwanted additional software that Adobe pushes onto its users in the Flash update – such as the Ask toolbar or a trial version of McAfee Antivirus.

Adobe's solution to the security problem is decidedly half-arsed: the software giant's updater, which kicks into life when it notices the installed version of Flash is out of date, is a bug-ridden example of the unfathomable number of methods by which an application can crash. It fails to apply the upgrades and security fixes required on far too many occasions. This is assuming the PC is running a version of Flash that can update itself.

The alternative – a manual download – is something most users don't even know how to do. Even if they did, the majority can't be bothered. For those who do know enough to download the updates for Flash manually, Adobe attempts to foist upon them a trial version of McAfee Antivirus! This merely makes the whole Ninite situation more galling.

It is demeaning that Adobe should resort to attempting to bamboozle users with trial installer nagware in the pursuit of a few more coppers. It is downright vindictive to demand that third parties cease providing unified tools that augment the security of the internet by cleaning up the mess Adobe made in the first place by shipping software as insecure as Flash.

Let me preempt the argument that Ninite is somehow "insecure because it's not directly from Adobe". First off, as I stressed above, Ninite's installer downloads the files directly from Adobe. Secondly, the man behind Ninite – Sascha Kuzins – is a good guy. At this point, given that the net result of Adobe's actions regarding Ninite is a less secure internet, I find Kuzins far more trustworthy than Adobe.

I've met the man; Kuzins is someone Adobe should be hiring for a bag of cash the size of a car and putting in charge of making its product delivery and maintenance mechanisms not suck.

What Adobe should explicitly not be doing is preventing Kuzins – and others like him – from making the internet we all share more secure. I can't find a way to justify this. Whatever the rationalization used by the Adobe department of idiocy enforcement, they should have checked with PR first.

It certainly is possible Adobe had a solid, logical reason for its request. From the view of a coalface admin just trying to keep things up to date, this reeks of the exact same sort of hubris Sony displayed during the rootkit fiasco: an unrepentant willingness to make the internet less secure in order to pursue ultimately meaningless internal goals. So shame on you, Adobe; we all deserve better than this. ®
