With any web technology there comes a time to move on to the next level. Unfortunately, it is time for Adobe Flash users to move on. Adobe Flash vulnerabilities and security issues have made it notoriously insecure, resource intensive, and poorly supported on mobile devices. The process for phasing out Flash has been underway for some time, and now may be an advantageous time for developers and end users to move on from Adobe’s long-time media platform.
This week we’ll discuss:
It’s impossible for all software to be free of all vulnerabilities. However, Flash seems to have more than its fair share.
Flash is a popular attack vector due to its past ubiquity and cross-platform nature. New vulnerabilities are discovered and patched, only for new vulnerabilities to be found in the new version. In the world of security, Flash is a large problem and using it, especially outdated versions, opens users to many different types of intrusions.
Ever experience a browser crash while watching a Flash video? That’s because Flash can use large amounts of system resources. This usage can cause performance issues and slow the browser and machine.
Lastly, Flash isn’t available on most mobile devices, which comprise the current majority of Internet users. More and more internet traffic comes through mobile devices and this means that mobile users won’t be served on equal footing with laptop or workstation users. The available alternatives to Flash may be faster and more efficient, and may provide better support and security. We’ll explore those now.
HTML5 is the next generation of web development technology and may go a long way to replace the need for Flash. It is more secure, mobile friendly, cross-browser compatible, resource friendly, and provides better data storage.
Mobile browsers support HTML5, making it an effective tool for building interactive, yet mobile friendly, sites. All current desktop browsers support it as well. HTML5 supports local storage allowing the app to store user information such as the application state.
While there is no current timeline for Flash’s end of life, it seems fast approaching. Adobe recently announced end of support for Flash Professional in January. However, this is simply a rebranding of Flash to Adobe Animate CC. Animate CC will still support the creation of SWF files, but will also support HTML Canvas and WebGL. This is a small but significant step towards the end of life for Flash.
For developers, it may be time to make the move away from Flash. Some may find that switching to HTML5 and Canvas may improve security and performance. It’s not difficult to make the change as there are tools, such as Google’s Swiffy tool, that converts Flash SWF files to HTML5. Tools like this make it easier than ever to move away from Flash.
For users, from a pure security standpoint, it’s recommended to turn off Flash in browsers and keep it deactivated unless absolutely necessary. This removes the large attack surface that Flash provides to bad actors and will help avoid many unwanted intrusions. Users can also install browser extensions to force the use of HTML5 in most browsers.
From the hamburger menu or the three horizontal dots, depending on which version of Chrome you’re running, in the upper right, click Settings and scroll down to “Show advanced settings.” Under “Privacy,” click “Content Settings.” Scroll down to “Plug-ins,” then “Manage Individual Plugins.” There you’ll have the option to turn Flash on or off.
Click the ellipsis menu in the upper right, then Settings =>Advanced Settings. Flip the Adobe Flash toggle to “Off.”
In Firefox, you’ll need to go to the hamburger menu in the upper right, click the “Add-ons” menu, then set the Shockwave Flash plugin to “Never Activate.”
Click the gear Settings icon to the upper right. Scroll down to “Manage add-ons.” When you’re presented with a list, click on the “Shockwave Flash Object” and the “disable” button down in the lower right.
Now is the time for HTML5 to take over and bring a more efficient and secure browser experience to the internet. In the interests of user Internet security, consider turning off Adobe Flash except when absolutely necessary. If you’re a developer, look into changing the Flash animations on your sites to HTML5. Your future users will appreciate it.