Share
Starting in version 3.5.3 and 3.0.14 of Firefox, Mozilla kicked off an initiative to warn users if they were using an out of date version of Adobe’s Flash software. According to Mozilla’s Ken Kovash, the initiative is working. One week after the new versions were released, 10,000,000 people clicked on the update link.
Mozilla gets users to update Flash with warning. (IMG:J.Anderson)
Now, the fact that 10,000,000 people clicked the link does not mean that 10,000,000 people were updated to the latest version. The Flash update warning, which appears on the what’s new page displayed after Firefox is updated, earned a click through rate of 27-percent as of Tuesday. So what does this mean exactly? It means that of all the people who saw the Flash warning, only about 2,000,000 users remained on a vulnerable version of the software. That’s a huge update rate.
According to Kovash, the typical click through rate on Firefox’s what’s new page is about five percent, so the rates seen this week were five times higher than normal. This suggests that for the most part, the end user awareness is working. In one week, millions who were otherwise vulnerable to exploits leveraging Flash Player, are now protected from that vector.
Adobe says that 99-percent of Internet users have Flash Player installed, but Mozilla’s metrics show that about 75-percent of them are using out-of-date versions of it. The lack of updates on the end user's part is one of the reasons why criminals target Flash Player to help infect users with Malware or to compromise a user’s system. Flash is just one part of the puzzle though, Adobe Reader is just as popular to criminals, and almost as many users online use Reader as they do Flash.
Mozilla’s Johnathan Nightingale said that they will continue this initiative, as more and more plugins are rolled into the web-based checking. Moreover, Nightingale said, “…the Firefox team is also building an integrated check that will let you know whenever a site you visit is trying to use an outdated plugin…This is just the beginning.”
In a report from SANS earlier this week, Adobe’s Flash had four of the top 30 vulnerabilities seen in the first part of 2009.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story