Time To Die: Let’s Resolve To Get Rid Of Flash Already

Adobe Flash, the standard that animated the early Web, is going the way of the dinosaurs—even YouTube has now transitioned to HTML 5. And its already battered reputation has taken further hits this year thanks to three serious security vulnerabilities that have emerged in just the past two weeks.

Enough is enough. It’s time for Web users to wean themselves off their lingering attachment to this buggy, outdated software … and uninstall Flash.

See also: ReadWriteWeb DeathWatch: Flash

True, not everyone’s going to be able to make the jump right away. Some internal corporate applications still require Flash; some websites still cling to it. But for your own safety, and for the good of the Web, you should make the effort.

Time To Say Goodbye

ReadWrite has cheered Flash’s impending doom since 2012. But no one makes the case better than the anonymous writers of the great Occupy Flash site:

Flash Player is dead. Its time has passed. It’s buggy. It crashes a lot. It requires constant security updates. It doesn’t work on most mobile devices. It’s a fossil, left over from the era of closed standards and unilateral corporate control of Web technology. Websites that rely on Flash present a completely inconsistent (and often unusable) experience for a fast-growing percentage of the users who don’t use a desktop browser. It introduces some scary security and privacy issues by way of Flash cookies.

They’re not kidding about Flash’s security vulnerabilities. The recent discoveries all involve so-called zero-day exploits, in which malicious hackers use or distribute tools that take advantage of previously undiscovered security flaws.

The first two exploits were somewhat less serious, as they required users to click on malicious links in spammy emails or texts. Most people are smarter than that these days—we hope.

The third one, though—discovered by Trend Micro—uses a malicious advertising vector, and thus affected far more users. Basically, anyone visiting a high-traffic website infected with malicious advertisements could find their system hacked.

The security firm Malwarebytes found the ads on dozens of mainstream sites, including dailymotion.com, theblaze.com, nydailynews.com, tagged.com, webmail.earthlink.net, mail.twc.com and myj.uno.com. These ads would then redirect users to a landing page for the exploit kit Hanjuan that would do the real dirty work.

Take The Flashless Challenge

If the idea of having your laptop infected just because you visited an otherwise innocuous website doesn’t appeal to you, it’s time to get rid of Flash if you can. (Yes, Adobe has patched that particular vulnerability—but have you installed the patch? Will you install the next one, and the next one after that?)

Here’s how.

To Uninstall Flash

You’ll need to download and run an uninstaller program. Adobe offers instructions for Windows and Macs.

To Tame Flash If You Can’t Get Rid Of It

If you need Flash for work, or are addicted to DailyMotion, or can’t deal with Facebook and Amazon refreshing pages too slowly, another option is to use an extension like Flashblock. This allows you to limit your Flash usage to the sites you select. While you’ll still be somewhat vulnerable if a popular site is infected with malicious advertising, it’ll lower your risk.

  • Firefox: Go to Tools->Add-ons->Plugins, where you can set Shockwave Flash to “ask to activate” (or “never activate”).
  • Chrome: Go to Preferences->Settings->Advanced Settings->Privacy->Content Settings->Plugins->Click to play (or block by demand).

If you’d prefer, you can use extensions such as Flashblock, available for Firefox and Chrome, or NoScript for Firefox.

It’s worth noting that Chrome’s sandbox provides some protection. No matter which browser you use, though, you’ll also want to install patches and updates as soon as they’re available.

Lead image by ReadWrite
