Feeds

Not cool, Adobe: Give the Ninite guys a job, not the middle finger

Top toolmaker told to stop installing crapware-free Flash

Top 5 reasons to deploy VMware with Tegile

Sysadmin blog Adobe wants the ability to easily roll out Flash updates removed from Ninite, the sysadmin Swiss army knife. I'm going to explain why this is a terrible thing.

First, though, I would like to discuss the real-world practical uses of products such as Ninite. Ninite is used by systems administrators and ordinary folk alike to install common third-party software. Far more importantly, Ninite and its ilk are used to ensure that these applications are kept up-to-date.

Ninite – and other applications like it – are the good guys of the internet. Unlike modern smartphones, Windows PCs do not have a foolproof mechanism by which third-party applications can be kept up to date. (No, the abomination formerly known as Windows 8's Metro and its software store spawn do not count.) When a security flaw is discovered in an app a patch must be issued by the software's vendor to fix it. That patch must either be disseminated through the vendor's update application or manually downloaded by the user.

Adobe's products are a security nightmare. Reader, Flash and Air are - alongside Oracle's Java browser plugin - the screen door through which the raw unfiltered sewage of the internet oozes into the homes of netizens. These products are awful, the security is worse and the management of them over the years beggars belief.

Even trying to find a web page that discusses the problem in a condensed form to link to proves overwhelming. The sheer volume of posts when you search for any of those products and "security" or "vulnerability" stalls the mind.

Ninite offers an installer that downloads the latest version of Flash from Adobe's own website (which is entirely different from unlicensed redistribution) and performs a silent install free of the unwanted additional software that Adobe pushes onto its users in the Flash update - such as the Ask toolbar or a trial version of McAfee Antivirus.

Adobe's solution to the security problem is decidedly half-arsed: the software giant's updater, which kicks into life when it notices the installed version of Flash is out of date, is a bug-ridden example of the unfathomable number of methods by which an application can crash. It fails to apply the upgrades and security fixes required on far too many occasions. This is assuming the PC is running a version of Flash that can update itself.

The alternative – a manual download – is something most users don't even know how to do. Even if they did, the majority can't be bothered. For those who do know enough to download the updates for Flash manually, Adobe attempts to foist upon them a trial version of McAfee Antivirus! This merely makes the whole Ninite situation more galling.

It is demeaning that Adobe should resort to attempting to bamboozle users with trial installer nagware in the pursuit of a few more coppers. It is downright vindictive to demand that third parties cease providing unified tools that augment the security of the internet by cleaning up the mess they made in the first place by shipping software as insecure as Flash.

Let me preempt the argument that Ninite is somehow "insecure because it's not directly from Adobe". First off, as I stressed above, Ninite's installer downloads the files directly from Adobe. Secondly, the man behind Ninite – Sascha Kuzins – is a good guy. At this point, given that the net result of Adobe's actions regarding Ninite is a less secure internet, I find Kuzins far more trustworthy than Adobe.

I've met the man; Kuzins is someone Adobe should be hiring for a bag of cash the size of a car and putting in charge of making its product delivery and maintenance mechanisms not suck.

What Adobe should explicitly not be doing is preventing Kuzins – and others like him – from making the internet we all share more secure. I can't find a way to justify this. Whatever the rationalization used by the Adobe department of idiocy enforcement, they should have checked with PR first.

It certainly is possible Adobe had a solid, logical reason for its request. From the view of a coalface admin just trying to keep things up to date this reeks of the exact same sort of hubris Sony displayed during the rootkit fiasco; an unrepentant willingness to make the internet less secure in order to pursue ultimately meaningless internal goals. So shame on you, Adobe; we all deserve better than this. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.