Helping People Upgrade Flash

As mentioned by Johnathan, with last week’s 3.5.3 and 3.0.14 releases, Mozilla started warning users if their version of Flash is out of date.  Coupling the following two facts tells us that such an effort has a chance at making a significant impact with overall internet safety.

  • 99% of internet users (desktop) have Flash.
  • The vast majority of people have an out of date version.  One study claims 80% and’s own traffic stats show about 75% of visitors on a non current version.

So, what has transpired since last Wednesday?

In one week, 10,000,000 people have clicked on the “flash update” link below.


Taking this analysis one step further, we wanted to gain a better sense for users’ interaction with this page.  Breaking down the data by day, we looked more carefully at the en-US version of the 3.5.3 whatsnew (or update) page and pulled the following numbers:

  1. How many total people hit the whatsnew page?
  2. Of this cohort, how many had an out of date Flash version, and hence, saw the message above?
  3. And of this smaller cohort, how many people actually clicked on the flash update link?


Beyond the total impact of 10,000,000 clicks, the most impressive pattern that stands out is the click through rate.  While the Firefox whatsnew page generally sees a click through rate below 5%, the flash update link alone has generated a click through rate north of 30%.  Phenomenal!

36 responses

  1. alanjstr wrote on :

    If most people are anything like me, they don’t even bother to glance at the page that shows up after updating Firefox. You really need to get their attention. Pop ups. Flashing. Hit the monkey. Something!

  2. Gen Kanai wrote on :

    Definitely great news.

    One small change I’d love to see for that page is:

    “The newest version of Flash is xyz123, you are running (older version)”

    Not sure if we can do that or not but it would make more clear that your Flash is out of date.

  3. johnjbarton wrote on :

    The only statistic you are missing is the number of people new McAfee customers created by this ad campaign. North of 9 million? Phenomenal indeed.

  4. nospam wrote on :

    Yeah, yeah, great. This would be WONDERFUL if not for the unwanted McAfee virus bulljive that comes with this flash update. Not cool, Adobe. Not. Freaking. Cool.

  5. Daniel Veditz wrote on :

    The graph above seems to show that of people who update their browser about half have an outdated Flash. If general site traffic shows 75% use an outdated Flash does that mean we get most of our site traffic from people who aren’t using the latest Firefox?

    Has the effort made a measurable difference in the percentage of general site visitors with out of date Flash? It will be interesting to see how the red and blue lines compare during the next round of Firefox updates.

  6. Ian M wrote on :

    This is a fantastic project.

    I think slightly stronger wording is needed, however. Also, and this is going to sound really minor, but try writing the bad words in red. You might be amazed at what that can do.

    Please, please tell me you’re doing split testing on this? This is an absolutely *perfect* scenario to use it to find out what’s effective (you get to show a page to a vast number of users, and the action they take is really important).

  7. Kurt (supernova_00) wrote on :

    Any chance of getting numbers from Adobe on how many actually downloaded?

  8. Richard wrote on :

    This is a great idea, though the real solution is for OSes to provide security updating for all installed apps, not just those built-in to the OS (thinking of Mac and Windows here).

    Also, for Linux, it would be helpful if Adobe’s site had better wording, ideally detecting the distribution (I think Opera does this) but at least pointing most users to use Synaptic or similar to download the app from their distro repositories. Otherwise, people update once for this fix, and never again, because it’s too painful to find a tarball, unpack it, put the files in plugins directories, etc.

  9. Ivan Enderlin wrote on :

    Definitely a great campaign!

  10. David Bolton wrote on :

    The idea is good but the actual installation process felt abusive with all the extra stuff that Adobe attached on to it. I for one am more inclined to ignore the update notice next time unless I am ready to install software, uninstall software, uninstall extra add-ons, restart Firefox multiple times, etc.

  11. wrong wrote on :

    What about a Plug-in check if Adobe Flash is installed and when the answer is true, provide a link to uninstall it!

  12. David Bolton wrote on :

    Is there a way to make the plug-in update process more like extensions? Where the update only affects the plug-in in question and doesn’t touch the rest of the computer or add bundleware.

  13. glandium wrote on :

    This feature would be a good thing if 1. Adobe would not try to push other products at the same time (see and 2. Adobe would not try to install a plugin and an external program to handle the flash plugin download by installing a special firefox extension that will leave everything behind once removed.

  14. Bo T Jensen wrote on :

    For the lucky ones who saw the checkbox, this McAfee push is going to leave a sour taste behind desptite the aparent success.
    Those who didnt see it is going to be somewhat confused and will loose confidence in future FireFox upgrades and ‘security’ links.

    Reminding of updates for exisiting addons is a noble cause and should be encouraged. But pushing your partners (or your partners partners) sofware through mandatory updates is a really bad way to do business.

  15. Rhialto wrote on :

    The message is wrong. It should read something like “Flash is proprietary and evil, and mostly used for annoying ads. You should deinstall it right now.”
    Fortunately, I don’t have Flash installed, because it simply doesn’t exist for my operating system.

  16. Simarprit Singh wrote on :

    I wonder why you did this? Big time commercial reasons or just public awareness? Anyway I did click, but didn’t bother to read or care about what happened after that – got going with my work

  17. Steve Firth wrote on :

    Great idea which as usual had to be abused …

    Who want’s a CrapAfee scan …

    Come to think of it, wtf at download manager?!

    I’m sick to death of companies trying to ring fence space and resources on my PC so they can sell their crap.

  18. Steve Firth wrote on :

    And now the download manager keeps popping up … brilliant.

  19. matt wrote on :

    Thats an awesome service — please keep that up. I’m usually remembering to update flash as they come out – but i know lots of people who forget. so this is great.

  20. David Dows wrote on :

    Flash and other browser plugins are only a few areas of the attack surface of a typical PC.

    I recommend that everyone go to Secunia’s website and install the Personal Software Inspector.

    It scans and recognizes most installed apps and reports on those which are either vulnerable until patched or beyond end-of-life and therefore no longer being supported with patches, e.g. VMWare Workstation 5.x on my system just reached End-of-Life status.

    For each application there are links directly to the patches, technical details, further online resources explaining the potential threat, the folder containing the unpatched file, the Add/Remove control panel, and more, including the option to create a rule to ignore the specific obsolete file in spite of the risk.

    Often there is also a link to a Solution Wizard with instructions for programs that might require more than a patch, such as manually removing old files, even after updating, e.g. Flash and Java.

    It’s free for personal use and continuously monitors the system for products requiring newly released patches.

  21. Gath wrote on :

    So, is Adobe going to compensate me for the time I wasted trying to figure out how McAfee Security Scanner got installed on my machine and whether or not it was actually a security threat in disguise. I was seriously concerned that I had somehow fallen for some “Anti-Virus 2009” clone.

    I’m not too surprised to see this type of arrogant behavior from Adobe but it does leave a bitter taste in my mouth to see that Firefox is also complicit in this as well.

  22. deepnet wrote on :

    I’m with Gath and everyone else… this is total bull****, I feel like I have been reamed. I freaked out thinking that I’d contracted a virus too. I am not going to trust Firefox again and I will no longer be recommending it to my clients.

    Opera, Safari, and now Chrome have been annoying to me as a web software engineer but now I’m glad they’re around.

  23. T. Bytes wrote on :

    I don’t know what’s changed, but ever since updates occured on Firefox, my computer is running slow and often freezes/hangs and/or crashes. Both occur frequently. I have downloaded the flash uninstaller and reloaded the updated one, I updated Java as well. I checked to be sure my Mozilla really was updated etc. Wtf is going on?

  24. Henrik Jensen wrote on :

    Before fixing other compagnies security problems how about fixing your own? 😉

    If you so easily can code a notification for the Flash plugin why not an update notification for Firefox updates for non-admins?

    I really do want to keep FX up to date but your update design is flawed. Well,- flawed for security conscious people who run on a restricted/limited/normal account for normal work in 2K/XP/VISTA and as I understand, the Mac OS version has the same flaw (Of course Linux distribs usually haven’t as FX get updated through the systemwide update mechanisme). I’m talking about the greyed out “Check for updates” that meets non-admins. This means I *manually* has to login as an admin, run FX, click Help and then “Check for updates” to see if there are any FX updates and then log out again before I run firefox a a normal user *if* I wan’t to be sure I’m surfing safe. Ok,- you can shorten the procedure a bit through runas.
    I do not often go through this procedure course it’s too tedious. Instead I usually get alerted through some online IT-mags I happen to be reading, that announces a new FX update. Needless to say, I’m often a few days or more behind :(.

    Why oh why haven’t you (at least) provided an update notification for non-admin users instead of just disabling the whole mechanisme?

    (Admitted,- I actually think the “Upgrade Flash campaign” is a good initiative but I just felt I needed to rant about this internal FX security lapse that has been around for years)


  25. Simon Brüchner wrote on :

    How can I call this page manually in FF?

  26. laion wrote on :

    Santa ignorância na qual encontrava-me! Help firefox

  27. John Gilmore wrote on :

    Will you provide the same service for gnash, the *free software* flash player?

    Why is Mozilla in bed with proprietary software companies, anyway?

  28. baz wrote on :

    If up to 80% are not updating to the new version that says to methat you are not getting through to them, or many are too scared to download as their heads are full of spam warnings

  29. financial spreadbetting wrote on :

    I got this message yesterday when I rebooted. I’m struggling to get the update though.

  30. louis wrote on :

    I got this message yesterday when I rebooted. I’m struggling to get the update though.

  31. wrote on :

    Just remember that Google, and the other search engines, can’t read flash websites.

  32. utah spine and disc wrote on :

    My firefox seems to periodically shut down ever since I upgraded. Anyone know why this happens?

  33. Hilary wrote on :

    I really like Mozilla Firefox. I know we had to update the flash player on our computers at my office and it worked just fine.

  34. sell my website wrote on :

    The people at Mozilla are very brilliant. I’m impressed with what they’ve done to help people make sure they have the current version of flash on their computers. Great work!

  35. Jon wrote on :

    I don’t think that this necessarily implies “being in bed” with a proprietary software company as John Gilmore suggests, but rather addressing large and significant risks for their products users. I’m sure if gnash or anyone else was functioning as such a significant risk that Mozilla would do the same thing. Seems like a somewhat crazy accusation.

  36. Eng City-Engineering Video wrote on :

    That’s great news thank you