Not cool, Adobe: Give the Ninite guys a job, not the middle finger

Top toolmaker told to stop installing crapware-free Flash

Sysadmin blog: Adobe wants the ability to easily roll out Flash updates removed from Ninite, the sysadmin Swiss army knife. I'm going to explain why this is a terrible thing.

First, though, I would like to discuss the real-world practical uses of products such as Ninite. Ninite is used by systems administrators and ordinary folk alike to install common third-party software. Far more importantly, Ninite and its ilk are used to ensure that these applications are kept up-to-date.

Ninite – and other applications like it – are the good guys of the internet. Unlike modern smartphones, Windows PCs do not have a foolproof mechanism by which third-party applications can be kept up to date. (No, the abomination formerly known as Windows 8's Metro and its software store spawn do not count.) When a security flaw is discovered in an app, a patch must be issued by the software's vendor to fix it. That patch must either be disseminated through the vendor's update application or manually downloaded by the user.

Adobe's products are a security nightmare. Reader, Flash and Air are - alongside Oracle's Java browser plugin - the screen door through which the raw unfiltered sewage of the internet oozes into the homes of netizens. These products are awful, the security is worse and the management of them over the years beggars belief.

Even trying to find a web page that discusses the problem in a condensed form to link to proves overwhelming. The sheer volume of posts when you search for any of those products and "security" or "vulnerability" stalls the mind.

Ninite offers an installer that downloads the latest version of Flash from Adobe's own website (which is entirely different from unlicensed redistribution) and performs a silent install free of the unwanted additional software that Adobe pushes onto its users in the Flash update - such as the Ask toolbar or a trial version of McAfee Antivirus.

Adobe's solution to the security problem is decidedly half-arsed: the software giant's updater, which kicks into life when it notices the installed version of Flash is out of date, is a bug-ridden example of the unfathomable number of methods by which an application can crash. It fails to apply the upgrades and security fixes required on far too many occasions. This is assuming the PC is running a version of Flash that can update itself.

The alternative – a manual download – is something most users don't even know how to do. Even if they did, the majority can't be bothered. For those who do know enough to download the updates for Flash manually, Adobe attempts to foist upon them a trial version of McAfee Antivirus! This merely makes the whole Ninite situation more galling.

It is demeaning that Adobe should resort to attempting to bamboozle users with trial installer nagware in the pursuit of a few more coppers. It is downright vindictive to demand that third parties cease providing unified tools that augment the security of the internet by cleaning up the mess they made in the first place by shipping software as insecure as Flash.

Let me preempt the argument that Ninite is somehow "insecure because it's not directly from Adobe". First off, as I stressed above, Ninite's installer downloads the files directly from Adobe. Secondly, the man behind Ninite – Sascha Kuzins – is a good guy. At this point, given that the net result of Adobe's actions regarding Ninite is a less secure internet, I find Kuzins far more trustworthy than Adobe.

I've met the man; Kuzins is someone Adobe should be hiring for a bag of cash the size of a car and putting in charge of making its product delivery and maintenance mechanisms not suck.

What Adobe should explicitly not be doing is preventing Kuzins – and others like him – from making the internet we all share more secure. I can't find a way to justify this. Whatever the rationalization used by the Adobe department of idiocy enforcement, they should have checked with PR first.

It certainly is possible Adobe had a solid, logical reason for its request. From the view of a coalface admin just trying to keep things up to date this reeks of the exact same sort of hubris Sony displayed during the rootkit fiasco; an unrepentant willingness to make the internet less secure in order to pursue ultimately meaningless internal goals. So shame on you, Adobe; we all deserve better than this. ®
