Flash player has always worked fine for me for the most part I have little complaints, however in updating it, which tends to happen relatively often, it always, every time asks me if I want the updates automatic (which I do not, I always ask it to notify me - it giving me a prompt to update it saying a new version is available is not an annoyance, I like that behavior) ... the annoyance is it doesn't remember that I told it that.... because it redirects to a website that website also doesn't remember that I unticked the "optional extras" (or whatever it literally says) for the unwanted McAffee product. So that forces me to each time untick this and select that, when if it remembered what I choose in the update utility itself I should only really be required to press a continue (or next) button, I'm fine with it having optional stuff to change in there, but not that is by default set on every time. Telling the software once that I don't want McAffee extras is more than enough times, yet I find myself having to do it each time I update. I know automatic updates may fix some of this for me, but then I have no control over when an update occurs.
I get where you're coming from. Not every update is perfect. That said, the threat landscape in 2018 is way different than the threat landscape in 2005. The idea that patching is optional or should be deferred isn't tenable anymore.
There are really good binary reverse engineering tools and a lot of professional talent under the control of criminal and state-sponsored attackers. More importantly, it's highly automated and performed en-masse through sophisticated, global campaigns. There's real money in ransomware, mining bitcoin, selling your keystrokes and access to the services that those keystrokes open up.
Attackers are really fast at reverse-engineering security fixes and turning them into weaponized attacks on unpatched clients. There's a lot of good research and intelligence collection happing at the industry level, and the reality is that turnaround time is as quick as a couple days. We're way past the days when you could just run unpatched for a few months. I mean, you might get lucky, but you're taking a big risk for negligible reward.
Also, we're talking about professionals. The idea that you're going to notice a malware infection on your machine is suspect. If it's well-written, you're going to have no clue. Modern malware is written by teams, who have daily builds, conduct regression testing against popular anti-virus and anti-malware tools, etc. We're long past the days of kids in basements. The sky isn't falling, but the realities are different, and that should probably factor into your thinking.
It's also worth pointing out that while Flash Player is free to you, but it's actually really expensive to produce and distribute. There's labor and bandwidth, and a bunch of technology patents that Adobe licenses on your behalf. At the same time, Adobe is a for-profit company, and Flash Player has to pay its bills. The distribution business is what makes that possible. As you can imagine, there are experts who define how that UI works and what it does, and they optimize it to meet the needs of the business.
Here's the thing, though. We want you to stay patched enough that we'll happily forego that revenue-generating opportunity. There's no ulterior motive there. Enable Automatic Updates, and you never get prompted to download again. We never get an opportunity to derive revenue from a product offering. It makes the web a better place. Like vaccinations, herd immunity matters. The less infected nodes are on the network, the healthier the network is.
So yeah, auto-update would fix this for you, and while you give up a little control, you're maximizing your defensive stance against a malware infection. The fallout from a bad Flash Player update is that we might break Farmville. The fallout from getting hit by a long-patched vulnerability has far more severe consequences.