Adobe just released version 10 of the free Flash Player Web browser plug-in. The new version (10.0.12.36) replaces version 9,0,124,0 (yes, those are commas, not periods) and includes an important fix for a security flaw known as "clickjacking," as well as fixes for other problems.
Everyone should update their copy of the Flash Player, and this post explains how to do so on Windows machines (the Flash Player also runs on OS X and Linux).
Updating the Flash Player on a Windows machine is unusually cumbersome. In part, this is because the Internet Explorer version is packaged very differently from the Firefox/Opera/Chrome version, so the Flash Player needs to be installed separately into each browser.*
Another reason for the unusual hassle is that for many years, installing a new version didn't remove old versions. Then too, if all goes well, you should be able to remove recent versions of Flash in the normal way, but all doesn't always go well. For example, on the Windows XP computer I'm writing this on, version 9,0,124,0 of the Flash Player plug-in is installed and working fine, yet it doesn't show up in the "Add or Remove programs list" in the control panel.
Thus, the safest approach is to use Adobe's Flash Player uninstaller program.
I've written about this before, so rather than rehash it fully, what follows is a seven-step cheat sheet.
Step 1: To get the lay of the land, use Adobe's Flash tester page to see which version is currently being used by your Web browsers. I say "browsers" because this needs to be done in each installed Web browser.
Step2: Download the Adobe Flash Player uninstaller here. If you've done this before, do it again. The Windows uninstaller was last updated on October 15, 2008.
Step 3: Shut down all running programs, then run the uninstaller. Below are the uninstall details.
Step 4: Check the output from the uninstaller to see if you need to restart Windows. Here is what Adobe says about this:
"Internet Explorer users may have to reboot to clear all uninstalled Flash Player ActiveX control files. If you're not certain, select the "Show Details" button in the Flash Player uninstaller. If there are any log lines that begin with "Delete on Reboot..." then you'll need to reboot BEFORE running the Flash Player installer again."
Step 5: Adobe's Flash Player uninstaller is limited in a few ways. For one, it does not deal with portable versions of Firefox (see Portable Firefox and the Flash Player). It also doesn't handle other software, such as Dreamweaver, that includes its own copy of the Flash Player. Then too, there used to be a bug with its not searching for installed copies of Flash in places used by very old browsers.
The best way to get a true inventory of all instances of the Flash Player is to run the Secunia Online Software Inspector and turn on the checkbox to "Enable thorough system inspection." Expect it to take awhile.
Step 6: In Internet Explorer, first make sure that only one copy of IE is running. Then get the new version of the Flash Player at www.adobe.com/go/getflash. Look for a checkbox about also installing the Google toolbar. If there is one, I suggest turning it off on the theory that the less software installed the better.
The Flash Player installs like any other ActiveX control. Adobe warns, however, that "if you don't have administrator access, then you may not be able to install Flash Player successfully."
Step 7: For Firefox, Opera, and Chrome, Adobe also warns that you "may require administrative access to your PC" (see Flash Player installation instructions). Start any of these browsers, go to www.adobe.com/go/getflash, and download a file called install_flash_player.exe.
Close all Web browsers, then run the installation program. Finally, start each non-IE Web browser on your computer and verify the installation at the Flash tester page.
Here's the pot of gold at the end of the rainbow:
If you have any problems, see Troubleshoot Adobe Flash Player installation for Windows. You can also download flash at adobe.com/shockwave/download/alternates/.
To answer the question you may be thinking, yes, in an ideal world this posting would not be needed, let alone be so long.
See a summary of all my Defensive Computing postings.