Dump Adobe Flash NOW?

Category: Security

Adobe Flash has a long history of security vulnerabilities; over a dozen have required patching in 2015 so far. Three more zero-days in Flash that were discovered and fixed recently have some in the tech industry crying, “Enough! Time to kill Flash forever!” But is it? Read on for the scoop...

Can the Web Survive Without Flash?

The most recently discovered holes in Flash were being exploited by The Hacking Team, an Italian cyber-spying firm that claims to sell its services only to government agencies. The Hacking Team’s own network was hacked in late June, and 400 GB of internal documents were released via Bittorrent.

Among the embarrassing emails, invoices, and other evidence that the company helps repressive governments, were the recipes for exploiting three previously unpublished Flash vulnerabilities. Hacking Team’s staff described one of them as the "most beautiful Flash bug for the last four years” in a leaked email.

It’s unclear how long Hacking Team kept these bugs a profitable secret instead of helping Adobe fix them. Audaciously, Hacking Team blames the unknown data thieves for exposing the bugs’ existence, as if they were safely in HT’s hands alone.
Dump Adobe FLash?

The tech community’s response has been pretty standard, despite journalists’ efforts to hype it up. Apple quietly continued to ignore Flash, which it has not supported on mobile devices since 2010. Internet Explorer and Google Chrome automatically patched their built-in Flash players. On July 13, Mozilla Firefox took things a step further. Instead of automatically updating the plugin like its competitors, Firefox disabled the Flash plugin.

Users could re-enable it in Firefox’s settings, if they knew how. When Adobe released a patched version the very next day, savvy users who downloaded and installed it could view Flash videos, games and other missing content again.

Setting a Date

Last year I called for (most) users to stop using Java, in my article Time to Boycott Java?. So why am I not joining the chorus of pundits saying "Kill Flash" today? The problems with Java were different, more pervasive, and more acute. At the time, 91% of all Web exploits targeted Java vulnerabilities. And only a tiny percentage of websites were still using it.

Facebook’s security chief, Alex Stamos, Tweeted on July 12, “It is time for Adobe to announce the end-of-life date for Flash and to ask the (developers of) browsers to set killbits on the same day.” Stamos added that it doesn’t matter if the kill-date is 18 months in the future, as long as it’s taken seriously and developers begin now to prepare for it.

Flash has been in decline since 2010, when the late Steve Jobs published a widely-cited blog post explaining why Apple banned Flash from iOS. Jobs said that Flash is inherently unstable, a system resource hog, lacks touchscreen controls, and worst of all is proprietary. "New open standards created in the mobile era, such as HTML5, will win on mobile devices (and PCs too),” he wrote.

Today, Adobe claims more than 500 million devices are “addressable today with Flash technology.” Flash is still used on 23 percent of the 483,000 Web pages tracked by the HTTP Archive, down from 39% three years ago. NBC and Major League Baseball are among the high-profile sites that still cling to Flash technology. But untold numbers of smaller sites use Flash to display content, or offer games.

Even Facebook still uses Flash, despite the wishes of its chief security officer. Mobile users get HTML5 videos, but desktop browsers are stuck with Flash. Stamos has taken the reasonable position: announce an execution date for Flash at a reasonable time in the future, and pull the trigger as scheduled. The holdouts at NBC, MLB, and other sites will get busy converting to HTML5 when they believe there’s a credible threat to their click-streams.

The rub is that for users, there's no magical way to switch to some other method of viewing or playing Flash content. And almost one quarter of all web pages contain Flash elements. Website developers will have to re-code those Flash-based videos, pages and games in the HTML5 language. That's not a trivial undertaking, and some legacy content will never be converted.

Should You Panic?

As of this writing, all known Flash vulnerabilities have been patched. So if your version is up to date, you can continue to use Flash safely. As I mentioned earlier, Google Chrome and Internet Explorer keep Flash updated automatically.

If you use some other browser, you should make sure that you have the latest, patched version of Flash installed on all of your devices. Go to the Adobe Flash Plugin Update page to get it. (Uncheck the “optional offer” checkbox in the middle of the page.) And during installation, be sure to set the plugin to update itself automatically in the future.

If you're worried about future Flash bugs popping up, go ahead and remove it via the Control Panel. You may find that you don't miss it at all. But if you do, you can always install it again. Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

 
  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 16 Jul 2015


For Fun: Buy Bob a Snickers.

Prev Article:
A Big Milestone + Geekly Update

The Top Twenty
Next Article:
Yes, The Feds Can Read Your Email (and more)

Most recent comments on "Dump Adobe Flash NOW?"

(See all 29 comments for this article.)

Posted by:

Dr.Sue
16 Jul 2015

Yes, thanks from this long-time subscriber. Helps make things less muddled. And, a BIG thanks for your spelling and punctuation requirement. On some sites (NB: not "sights") the comments are unreadable.


Posted by:

Dave Roche
16 Jul 2015

And while we are at it, lets Dump Firefox as well!! At present it doesn’t allow me to play any videos on YouTube, as it claims Adobe Flash plugins are out of date.

Despite updating Adobe Flash three times already this week, Firefox 39.0 still continues to declare Adobe Flash plugins are out of date when using YouTube. Since Opera is working fine with Flash, I assume it's a Firefox issue?

To make matters worse Firefox’s “allow” button doesn't always appear either, which I find really annoying, so I have to resort to using Opera instead to view the videos.


Posted by:

Robert A
16 Jul 2015

Something happened to one of my accounts on my newish Acer desktop, running Win 8.1, and I am not able to view videos shown on You Tube and other sites. I keep getting error messages to install Adobe Flash Player, but when I check the set up in Control Panel, it says Flash is already installed. I had to create a new profile on the computer to get Flash pages to work. There should be other alternatives to Flash one can use, as there are for PDF documents, to be able to view videos on You Tube, and elsewhere.


Posted by:

Ivan
16 Jul 2015

I think flash has seen the better days and it is now time to upgrade to something that is not always so vulnerable to all the hacks etc. Flash should go away, I myself do not like it at all as I know it is dangerous to use it. So for youtube I use the html5 plugin. I did not know Mozilla offers a view without flash, never heard of that outside of the html5 plugin which does not work well on Facebook if at all. But it is time to find something new that actually uses less resources and is safe...


Posted by:

Unitary
16 Jul 2015

I removed Adobe Flash several months ago and I never missed it. >> Flash is still used on 23 percent of the 483,000 Web pages tracked by the HTTP Archive...

EDITOR'S NOTE: You may find ads on web pages useless or annoying, but they make it possible for thousands of free sites like this one to exist. Getting rid of Flash won't make ads go away, but it will make a lot of work for a lot of sites that host videos, games and other non-useless content.


Posted by:

Bill
16 Jul 2015

"As of this writing, all known Flash vulnerabilities have been patched. So if your version is up to date, you can continue to use Flash safely. As I mentioned earlier, Google Chrome and Internet Explorer keep Flash updated automatically." The previous statement does not support the idea that you can still use Flash safely.

EDITOR'S NOTE: Why, because there may be some unknown Flash vulnerabilities? If that's your reasoning, then you could say the same thing about any software.


Posted by:

John Silberman
16 Jul 2015

Forefox's Flashblock plugin is a must.. It is especially helpful to block all those flash videos that automatically load when opening a new page.


Posted by:

Joe
16 Jul 2015

Thank you. That information was very helpful.


Posted by:

Blanche
17 Jul 2015

Thanks for expertise Bob,

Much enjoying your website. My Firefox has been blocking Flash files and so consequently I have followed its advice and updated plugins. I think that it's certainly time for me to be open to alternatives. Fundamentally Adobe needs to get it's act together. Bad news travels fast and when a significant amount of Flash users get stung, the pain will linger. It's a company I've lost a lot of respect for recent years, not paying attention to it's software, with a forum that's becoming tumbleweed.


Posted by:

Charles
17 Jul 2015

Firefox has now blocked ALL versions of FLASH, as they no longer trust adobe given the long trail of unfixed and "panic fixed" version of Flash.

If you feel lucky, you can go to the Tools plugins area and you should be able to activate it if you have todays newest version.


Posted by:

Carole
17 Jul 2015

In the past, I've seen ads here that looked like Adobe Flash was used to produce them. Please tell me if I am right or wrong Bob.


Posted by:

LadyLiberTEA
17 Jul 2015

Thank you Bob for quick sane redress to CNET urge dump Flash I did but HTML5 doesn't play all on Facebook so I'm glad I can safely resume Flash on IE with the caveat to dump it as soon as industry-wide, and meanwhile keep it updated timely.

WINDOWS 8.1 "no Flash," Robert A, is intermittent though embedded. Good resort your add'l user finding Flash working. "No Flash" regularly on our Win8.1 = one reason just bought a Win7 w/ DVD player dumped by Win8 though has a drive even freeware won't play.

Hopefully WINDOWS 10 free upgrade end of July won't continue Flashius Interruptus, though I doubt returning the DVD player to us. I won't install it til we hear from Bob :)


Posted by:

Bob Greene
17 Jul 2015

HTML5-coded video seems the best answer to problems with Flash, but a substantial number of websites still use Flash, and intentionally burden users with advertisements which run Flash, as well. At some news sites like cbsnews.com, the situation is nearly out of control, and loading only a few tabs for stories imposes a huge RAMload/bandwidth system burden.

In my own case, since I need an active Firefox Flash plugin for important Flash websites, I install the Flash plug-in with the option for manual activation ("Ask to Activate" on the drop-down menu under Tools/Add-Ons/Plug-ins/Options). On a Flash-driven website, this automatically renders a screen prompt which must be answered to run any Flash item ("Ask Me" or "Ask Me and Remember Choice").

This arrangement has not proved burdensome, and I have the bonus of loading content, first, without automatically loading RAM and bandwidth-robbing Flash advertisements, as well. On arrival at each website, after I have loaded content, any other Flash-generated prompt usually indicates an annoyance wants to run, which I am happy to ignore.


Posted by:

Digital Arteeste
17 Jul 2015

Just yesterday I had run a search on your website for the latest on this, and here it is today! Very timely. Thanks.


Posted by:

Jerry
17 Jul 2015

I uninstalled flash & the flash browser plugin about 6 months ago. Have not missed it (cuts down on a lot of autostart movies and ads). I also uninstalled Adobe Reader mainly because of the constant updates but I realized it was unsafe. Uninstalled Java 2 years ago and haven't missed it either.


Posted by:

rick harbour
18 Jul 2015

If we get rid of Flash,and consider getting rid of Java,then what about site`s that use them? People will have a time viewing videos,and place`s like Pogo.com,(which many people subscribe to and play)will probably no longer be available for us! Someone needs to seriously think this thing over,and consider a simple solution.


Posted by:

B Miller
23 Jul 2015

Many of the sites I use have Java based programs, like Parachat. Many videos won't play without Flash. And Windows 10 is dropping Windows Media Player and to play DVDs it will require a separate program at a $ price which will be compatible with Win 10 . As well, Windows 10 like Win 8/8.1 won't allow Linux to run alongside it or on a split double boot hard drive. On all of my computer Win 7 and prior I have run Linux Ubuntu on a partition/double boot. Sometimes progress and creating something new takes away from many what has been useful and served a purpose. Now, at great expense, many of us older computer users will have to upgrade, purchase new computers, printers, software etc. which will not be of any advantage or usefulness. No matter what OS or programs are developed, there will be vulnerabilities in them which hackers can exploit. I like the saying: If it Works, Don't Fix It!

EDITOR'S NOTE: A couple of corrections... (1) You can use the free VLC Media Player (http://askbobrankin.com/what_is_vlc_media_player.html) as a replacement for Windows Media Player. (2) You CAN run Windows 8 (or Windows 10) in a dual-boot configuration with Linux. You just have to turn off the UEFI Secure Boot option. See http://www.networkworld.com/article/2900502/microsoft-subnet/linux-users-alarmed-over-windows-10-lockout.html


Posted by:

Jacklene
05 Sep 2015

Amazon Prime or Netflix, I forgot which one, strongly suggested I install Silverlite. I assumed this was similar to flash. I got tired of having to tell it to use flash at the start of each video so I gave in and downloaded it. So far it's been running fine so this may be an alternative to flash.


Posted by:

mike d
15 Sep 2015

I have given up on Flash. it is a power hog that is in constant need to be upgraded. It slows down websites and eats up data when on cellular. HTML5 is so much better, I don't understand why websites still insist on using Flash. I uninstalled it over a year ago and seldom miss it. If the website uses flash, I send them a message asking them to give up on it.


Posted by:

LadyLiberTEA
17 Feb 2016

Editor noted free VLC Media Player as a replacement for Win8-10's dropped Windows Media player for DVD drive. But like others I've seen comment online, VLC didn't work on my newish Win8.1 DVD drive Samsung deceptively supplied w/o software to run it.

So I bought a Win7 Home with DVD player, no screen tiles or hybrid Win8-10, & no unfixably embedded Flash failing to function intermittently on IE.


There's more reader feedback... See all 29 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML


Article information: AskBobRankin -- Dump Adobe Flash NOW? (Posted: 16 Jul 2015)
Source: https://askbobrankin.com/dump_adobe_flash_now.html
Copyright © 2005 - Bob Rankin - All Rights Reserved