[ALERT] Adobe Flash - The Last Straw?

Category: Security

Adobe Flash is a favorite target of hackers and malware writers because it's old (dating back to the mid-1990s), complex, and riddled with hidden bugs. Last week, Adobe issued a security update that fixed twenty-seven vulnerabilities, including one that could be exploited to deliver ransomware infections. Is it time to stick a fork in it?

Should You Trash Adobe Flash?

In July, 2015, I wondered if it was time to Dump Adobe Flash? Back then, I concluded, "So if your version is up to date, you can continue to use Flash safely." But now I've changed my mind. I don't think you CAN keep Flash up to date, so it's definitely time to get rid of Flash if you possibly can.

On April 12, 2016, Adobe released patches for over two dozen Flash bugs. TrendMicro Labs reported that one of those flaws was already being exploited to deliver ransomware. That was the tipping point for me.

Yes, the major browsers update Flash automatically for you; if they didn't, keeping up to date would be an overwhelming task for millions of users. But a vulnerability exists long before it is discovered by security researchers, and Adobe often drags its feet for weeks or months before issuing a patch. Therefore, I conclude that it is impossible to keep Flash up to date the majority of the time.

Trash Adobe Flash

At any given moment, Flash has more “hole” than solid code, and that is simply intolerable! It's time to banish Flash completely from your system. But can you do that without “breaking the Internet?”

Respected security researcher Brian Krebs tried doing without Flash for a month, and was quite successful. You can read his blog post about the experiment here. http://goo.gl/q6H0Sk Bottom line: in 30 days, he only twice encountered a situation where he absolutely had to use Flash to view an essential animation. To do so, he used VirtualBox to run Linux browser with Flash enabled in a “virtual machine” isolated from his real system. He says it would have been easier to just enable Flash when he had to, and then disable it as soon as the need was gone.

Smellevision Replaces Television!

In one of my favorite Bugs Bunny cartoon clips, Elmer Fudd is transported "far into the future," to the year 2000, and he learns from a newspaper headline that smellevision has replaced television. I'd like to see similar headlines for the demise of Adobe Flash, and its replacement.

UPDATE: In response to reader comments, here is some clarification. Adobe Shockwave Player and Flash Player are not the same. Flash Player cannot display Shockwave content, and Shockwave Player cannot display Flash content. Many have asked if Shockwave is similarly vulnerable.

According to security expert Brian Krebs, Shockwave Player "bundles a component of Adobe Flash that is more than 15 months behind on security updates, and which can be used to backdoor virtually any computer running it." So yes, I would advise getting rid of both.

HTML5 is the next generation of the HyperText Markup Language that underpins Web pages. Support for animations is built into HTML5, along with modern security features. Major video sites, including YouTube, are already making HTML5 their default method of playing videos. It won't be long until nobody who matters is still using Flash.

Unless you are unfortunate enough to work for a company whose entire IT infrastructure relies upon Flash, you can and should do without it. Any inconveniences will be rare for consumers, and they will vanish as the entire Internet completes its move to HTML5.

Even Adobe recognizes that Flash's days are numbered. In February, 2016, Adobe dumped its Flash Professional developer tools in favor of a new suite based upon HTML5, called Adobe Animate CC.

What You Should Do Now

So my advice is to uninstall Adobe Flash Player from Windows. Use the Control Panel and then Programs and Features to find it. If you see it there, right-click and select Uninstall. If not found, it's already been removed. Now move on to the next step: disable Flash in your web browser.

In the Chrome browser, go to Settings. Click "Show advanced settings" at the bottom of the page, then click the "Content settings" button under Privacy. Scroll down to Plugins section, and select "Let me choose when to run plugin content". This will prompt you each time Flash is needed on a page, and you can decide if you want to proceed. To disable Flash completely (which is what I recommend) click the "Manage individual plugins" link and then click the Disable link under Adobe Flash Player.

In Firefox, click Settings, then Addons, then Plugins. Look for any Adobe Shockwave or Flash-related items, you'll see a drop-down menu. Click on it, and select either "Ask to Activate" or "Never Activate." If you don't see any Adobe items listed there, Flash has already been removed.

In Internet Explorer, go to Settings, then select "Manage add-ons". Under the "Show:" label, select "All add-ons." RIght-click any Flash-related entries, and select Disable. IE does not offer the option to selectively enable the Flash plugin.

If you set the browser plug-in to play Flash content only when you right-click on that grey box with the jigsaw puzzle piece, you're still taking a risk. There's no guarantee that Flash content will run safely, even on a trusted website. Let me know how life without Flash goes for you.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 21 Apr 2016


For Fun: Buy Bob a Snickers.

Prev Article:
[FAIL] Don't Get Burned By Crowdfailures

The Top Twenty
Next Article:
Do Shortened URLs Endanger Privacy?

Most recent comments on "[ALERT] Adobe Flash - The Last Straw?"

(See all 37 comments for this article.)

Posted by:

Dan Valleskey
23 Apr 2016

What?!? now I have no Bejewelled Blitz?!? No other facebook games, looks like they all want Adobe Flash. Sorry Bob, but you gave me bad advice this time. Oh- and Rick? You did not ask a dumb question, but you should not have asked it seven times.


Posted by:

Jim
23 Apr 2016

I got rid of flash last summer. A few things don't work; the only one that really bothers me is Ch 41 TV in Kansas city. If they won't update their site then I don't need to look at their ads, though I do miss their weather videos.


Posted by:

Carol
23 Apr 2016

I need Adobe Flash every day for playing various PCH games, seeing some videos, etc. It keeps getting eliminated when I use AOL, and I have to keep reinstalling it. I thought it was Avast that was removing it every few days. If I use Google, I can play the PCH games I need, but it's a pain to not be using AOL, since I use that for everything. I'm hoping they finally figure out a way to protect Flash from the bad guys because I need it.


Posted by:

Samg
23 Apr 2016

Hulu requires Flash. Netflix doesn't. Amazon streaming? Bob, I tried removing Flash. Then needed it to watch Hulu+. Due to finances and show availability, I'll be discontinuing Hulu+. Paying to not watch commercials then being switched to shows on channels with commercials is more than I can bear. And CBS charging $10 a month to watch online? The 'Net has mostly become a sales media. This next month, goodbye to Hulu+, Internet Explorer, and Flash.


Posted by:

Bassman700
23 Apr 2016

Hey Bob, I killed Flash, but a number of videos/animations do not work as well. They seem to be much slower.

Is there a viable alternative to Flash?

Many Thanks!


Posted by:

Michael Webb
23 Apr 2016

Bob, someone else has raised a similar question to one I have and would appreciate an answer; is Adobe Shockwave Player also considered vulnerable and should also be removed? Thanks for the help!

EDITOR'S NOTE:Adobe Shockwave Player and Flash Player are not the same. Flash Player cannot display Shockwave content, and Shockwave Player cannot display Flash content. Many have asked if Shockwave is similarly vulnerable.

According to security expert Brian Krebs, Shockwave Player "bundles a component of Adobe Flash that is more than 15 months behind on security updates, and which can be used to backdoor virtually any computer running it." So yes, I would advise getting rid of both.


Posted by:

Craig
26 Apr 2016

Adobe Flash status is a dilemma.

After reading Bob's article I immediately uninstalled it but since then I have needed it on more than one occasion e.g sending animated e-cards, viewing products on a website that sells outdoor gear).

I may wind up reinstalling Flash and taking my chances !


Posted by:

L-Space_Traveler
26 Apr 2016

Thanks for the tip, onedeafeye. I kept wondering how so many people kept saying they didn't need flash on sites where I did - I just changed this setting.


Posted by:

marge201
28 Apr 2016

Thanks a lot, Bob. I removed and disabled in Chrome. Any problem with Adobe AIR?


Posted by:

Robert
28 Apr 2016

CAUTION: We use Google Drive/Docs for many important business documents, spreadsheets, etc. When we followed the above instructions on one of our computers we discovered we could no longer print anything directly from Google Drive. All we would get was a printout of the jigsaw puzzle piece. There were also a number of minor animations on various websites that also did not work (and clicking on the puzzle icon didn't do a thing).

We reloaded flash onto the computer but it still took a bit of doing to reset the browser settings so things would work again. As we too have never had an issue with problems (supposedly) caused by flash on any of our computers over many years we feel that this is again one of those things you will have to decide for yourself to do. We decided the risk of a "possible" hack was far smaller than the damage the lack of flash would do to our business and personal use and was worth taking.

This reminds me a bit of the taking out of insurance for a "catastrophic" event. Without the insurance you *may* (granted) suffer a loss. But at what overall cost? Was what you paid in premiums worth the return?

Your decision. And remember, "Your mileage may vary."


Posted by:

kathryn
28 Apr 2016

Sheesh, I removed it, but now I regret it! It is needed for most everything I need to do. I guess even my old HP printer uses it. Now, I get to waste more time trying to figure out how to put it back on. Perhaps, there would have been a better way?


Posted by:

JB
05 May 2016

Sorry, but your reply to my posting of 22 April is not relevant. You state that "Your argument is the same as saying I never got the flu shot, and look, no influenza here!" I have, indeed, given my computer a "flu shot". It's called an anti viral program. Your original advice about Flash, is more akin to saying; "Uninstall contact with other people to avoid being infected with the flu." This is not a viable solution. It is merely sidestepping the issue.


Posted by:

Moazzam Siddiqui
07 May 2016

What about Adobe Shockwave Player?


Posted by:

Roy
08 May 2016

Firefox and NoScript plugin works fine

This Is fear mongering of the highest order. Sensationalism for Bob and his site. I find popups like teh ones I disable on your site much more annoying..

For an average user I hardly think this Is worth the worry, and even some online banking requires flash

Sure, the odd person (1 In a billion) may get hacked but In general, hackers go after companies and larger fish like that...not home users.

I wouldnt worry too much about disabling this, and In my 25+ years of computer use, have honestly never been hacked. Just be sensible and dont keep overly sensitive Information on your Internet computer and you should be fine

Dont worry too much. Hackers dont get much of a thrill from hacking home computers unless youve got naked photos on there, and would much rather try hacking NASA or FBI or large companies with sensitive Information

And If something does happen...do a quick reinstall or reinstall a clean backup Image, and like I said, dont keep anything sensitive on teh Internet computer

Cheers


Posted by:

Andrew Whitburn
08 May 2016

Garbage statement to make that everyone can get by without flash. I know for one some streaming sites in Australia require it....even the ABC which is government run. So quite a bad article in my opinion from a tech expert


Posted by:

Dixie
12 May 2016

I uninstalled it a week ago. Since then, there have been no problems at all as mentioned here. My bank site works. Facebook and games work for me. I have Bejeweled, a version that is more than 5 yrs old. No problems with my browsers. I'm able to watch videos online, HULU, Netflix all work. So far, not a single website has asked for Flash.
Don't know what all the fuss is about. It has had documented problems for a long time. If I find it is crucial, I'll download it again but so far, I won't bother. No point in creating work for myself... or potential expense.


Posted by:

Jackie
15 May 2016

Because I stream video through Hulu and they require flash and I play games like candy crush and those that are similar I don't know how I would do without flash. I have read the comments above and it looks like most of the people who uninstalled it have found these programs to stop working. Only a couple of comments said they had no problems after the uninstall. I'm afraid I need more clarification before I uninstall this program. Also the Firefox plugin has a protected mode built in and that would seem to provide the extra protection needed as long as you leave it on.


Posted by:

Bill
28 May 2016

I disabled it after reading this article a month or so ago, but from time to time, I have run into problems. Today I was going to listen to Pandora as I have in the past, but it will not play without Flash and I can't find a way around it.


Posted by:

Jan
04 Jun 2016

What do we use in place of Adobe Flash on windows ( internet explorer ? And google ? Thank you in advance


Posted by:

Butch
03 Jan 2017

Bob, I deleted Flash long ago. There are very, very few times when I get a message that it is required to see a particular news clip, etc. I can easily live without them. I've had no problems with any of my software at all because of not having Flash.

Oh yeah. Once in a while a "Get Flash" page will pop up which I simply ignore but periodically check my installed programs to see if it has somehow been installed behind my back. [Uh...the business of MS installing Windows 10 on folks who didn't want Windows 10 is my rationale.]


There's more reader feedback... See all 37 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- [ALERT] Adobe Flash - The Last Straw? (Posted: 21 Apr 2016)
Source: http://askbobrankin.com/alert_adobe_flash_the_last_straw.html
Copyright © 2005 - Bob Rankin - All Rights Reserved