I get where you're coming from. Not every update is perfect. That said, the threat landscape in 2018 is way different than the threat landscape in 2005. The idea that patching is optional or should be deferred isn't tenable anymore.
There are really good binary reverse engineering tools and a lot of professional talent under the control of criminal and state-sponsored attackers. More importantly, it's highly automated and performed en-masse through sophisticated, global campaigns. There's real money in ransomware, mining bitcoin, selling your keystrokes and access to the services that those keystrokes open up.
Attackers are really fast at reverse-engineering security fixes and turning them into weaponized attacks on unpatched clients. There's a lot of good research and intelligence collection happing at the industry level, and the reality is that turnaround time is as quick as a couple days. We're way past the days when you could just run unpatched for a few months. I mean, you might get lucky, but you're taking a big risk for negligible reward.
Also, we're talking about professionals. The idea that you're going to notice a malware infection on your machine is suspect. If it's well-written, you're going to have no clue. Modern malware is written by teams, who have daily builds, conduct regression testing against popular anti-virus and anti-malware tools, etc. We're long past the days of kids in basements. The sky isn't falling, but the realities are different, and that should probably factor into your thinking.
It's also worth pointing out that while Flash Player is free to you, but it's actually really expensive to produce and distribute. There's labor and bandwidth, and a bunch of technology patents that Adobe licenses on your behalf. At the same time, Adobe is a for-profit company, and Flash Player has to pay its bills. The distribution business is what makes that possible. As you can imagine, there are experts who define how that UI works and what it does, and they optimize it to meet the needs of the business.
Here's the thing, though. We want you to stay patched enough that we'll happily forego that revenue-generating opportunity. There's no ulterior motive there. Enable Automatic Updates, and you never get prompted to download again. We never get an opportunity to derive revenue from a product offering. It makes the web a better place. Like vaccinations, herd immunity matters. The less infected nodes are on the network, the healthier the network is.
So yeah, auto-update would fix this for you, and while you give up a little control, you're maximizing your defensive stance against a malware infection. The fallout from a bad Flash Player update is that we might break Farmville. The fallout from getting hit by a long-patched vulnerability has far more severe consequences.
1
Reply
AdChoices