[ALERT] Adobe Flash - The Last Straw?
Adobe Flash is a favorite target of hackers and malware writers because it's old (dating back to the mid-1990s), complex, and riddled with hidden bugs. Last week, Adobe issued a security update that fixed twenty-seven vulnerabilities, including one that could be exploited to deliver ransomware infections. Is it time to stick a fork in it?
Should You Trash Adobe Flash?
In July, 2015, I wondered if it was time to Dump Adobe Flash? Back then, I concluded, "So if your version is up to date, you can continue to use Flash safely." But now I've changed my mind. I don't think you CAN keep Flash up to date, so it's definitely time to get rid of Flash if you possibly can.
On April 12, 2016, Adobe released patches for over two dozen Flash bugs. TrendMicro Labs reported that one of those flaws was already being exploited to deliver ransomware. That was the tipping point for me.
Yes, the major browsers update Flash automatically for you; if they didn't, keeping up to date would be an overwhelming task for millions of users. But a vulnerability exists long before it is discovered by security researchers, and Adobe often drags its feet for weeks or months before issuing a patch. Therefore, I conclude that it is impossible to keep Flash up to date the majority of the time.
At any given moment, Flash has more “hole” than solid code, and that is simply intolerable! It's time to banish Flash completely from your system. But can you do that without “breaking the Internet?”
Respected security researcher Brian Krebs tried doing without Flash for a month, and was quite successful. You can read his blog post about the experiment here. http://goo.gl/q6H0Sk Bottom line: in 30 days, he only twice encountered a situation where he absolutely had to use Flash to view an essential animation. To do so, he used VirtualBox to run Linux browser with Flash enabled in a “virtual machine” isolated from his real system. He says it would have been easier to just enable Flash when he had to, and then disable it as soon as the need was gone.
Smellevision Replaces Television!
In one of my favorite Bugs Bunny cartoon clips, Elmer Fudd is transported "far into the future," to the year 2000, and he learns from a newspaper headline that smellevision has replaced television. I'd like to see similar headlines for the demise of Adobe Flash, and its replacement.
According to security expert Brian Krebs, Shockwave Player "bundles a component of Adobe Flash that is more than 15 months behind on security updates, and which can be used to backdoor virtually any computer running it." So yes, I would advise getting rid of both.
HTML5 is the next generation of the HyperText Markup Language that underpins Web pages. Support for animations is built into HTML5, along with modern security features. Major video sites, including YouTube, are already making HTML5 their default method of playing videos. It won't be long until nobody who matters is still using Flash.
Unless you are unfortunate enough to work for a company whose entire IT infrastructure relies upon Flash, you can and should do without it. Any inconveniences will be rare for consumers, and they will vanish as the entire Internet completes its move to HTML5.
Even Adobe recognizes that Flash's days are numbered. In February, 2016, Adobe dumped its Flash Professional developer tools in favor of a new suite based upon HTML5, called Adobe Animate CC.
What You Should Do Now
So my advice is to uninstall Adobe Flash Player from Windows. Use the Control Panel and then Programs and Features to find it. If you see it there, right-click and select Uninstall. If not found, it's already been removed. Now move on to the next step: disable Flash in your web browser.
In the Chrome browser, go to Settings. Click "Show advanced settings" at the bottom of the page, then click the "Content settings" button under Privacy. Scroll down to Plugins section, and select "Let me choose when to run plugin content". This will prompt you each time Flash is needed on a page, and you can decide if you want to proceed. To disable Flash completely (which is what I recommend) click the "Manage individual plugins" link and then click the Disable link under Adobe Flash Player.
In Firefox, click Settings, then Addons, then Plugins. Look for any Adobe Shockwave or Flash-related items, you'll see a drop-down menu. Click on it, and select either "Ask to Activate" or "Never Activate." If you don't see any Adobe items listed there, Flash has already been removed.
In Internet Explorer, go to Settings, then select "Manage add-ons". Under the "Show:" label, select "All add-ons." RIght-click any Flash-related entries, and select Disable. IE does not offer the option to selectively enable the Flash plugin.
If you set the browser plug-in to play Flash content only when you right-click on that grey box with the jigsaw puzzle piece, you're still taking a risk. There's no guarantee that Flash content will run safely, even on a trusted website. Let me know how life without Flash goes for you.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 21 Apr 2016
|For Fun: Buy Bob a Snickers.|
[FAIL] Don't Get Burned By Crowdfailures
The Top Twenty
Do Shortened URLs Endanger Privacy?
There's more reader feedback... See all 37 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [ALERT] Adobe Flash - The Last Straw? (Posted: 21 Apr 2016)
Copyright © 2005 - Bob Rankin - All Rights Reserved