(Adobe)
Google and Mozilla
each announced this week that their Web browsers will be dropping
default support for Adobe Flash, citing the plug-in software’s newly
discovered vulnerabilities to cyberattacks. These moves came only a few
days after Facebook’s chief of security called for Adobe to set an “end of life” date for the oft-exploited 20-year-old platform.
Even
if you don’t exactly know what Adobe Flash is, this is important news.
Whether you know it or not, odds are pretty high that Adobe Flash is on
your computer right now, possibly putting your system and your personal
information at risk.
Don’t
panic. Take a deep breath and read our Adobe Flash security threat
guide. We’ll help you figure out why it might be best to banish Flash
from your life, just like Google, Mozilla, and Facebook want you to do.
And we’ll tell you how to go about doing exactly that.
So what is Flash, exactly?
Adobe
Flash is a software platform that runs video, animation, and games
inside of Web pages. Flash was born at the dawn of the Web in 1996 and
quickly became the standard for Web video, especially after a little
startup called YouTube began using it in 2005. But now it’s largely
obsolete, as most Web sites and apps use different technologies for the
same purpose.
Why is Flash a problem?
The
very thing that made Flash so popular — its ability to run complex
scripts from websites you visit — can also be used for malicious
purposes.
Computer
scripts written in Flash can directly access the memory on your
computer, which is just inviting attacks, or “exploits,” says Chase
Cunningham, a cyberthreat expert at security company FireHost. “Anytime a
site is able to access your computer’s memory, it’s able to make
changes on the local machine itself [your PC]. That’s when you run into
exploits.”
Flash
has long been one of the biggest attack methods of choice for
cybercrooks and spying governments, as security vulnerabilities turn up
on an almost daily basis. Just this month, Adobe put out security alerts
and fixes for 38 vulnerabilities in Flash Player. Last week, it came
out that a company called Hacking Team had been using previously unknown flaws in Flash to create spyware that it sold to oppressive governments in countries such as Sudan and Saudi Arabia.
Flash
also uses up a lot of computing resources and can bog systems down. “We
… know firsthand that Flash is the number one reason Macs crash,” wrote
Steve Jobs in an Apple blog post from April 2010.
Do I have Flash on my computer?
You
probably do — especially if you are using a Windows PC, rely on an
older browser, or were prompted by a Web site to install it.
In
October 2010, Apple announced that it would no longer install Flash
Player on its computers — including its Safari Web browser — although
users could install it on their own if they wanted to.
The latest version of Mozilla Firefox launched with a block for Flash Player (though after an update Tuesday by Adobe, Mozilla has re-enabled use of the plugin in its browser). Google’s Chrome browser comes with Flash, but it is disabled by default.
However,
you may have installed or enabled Flash Player if a website prompted
you to. “I would say probably 97 to 98 percent of systems out there have
some version of Flash running on them,” said Cunningham.
You can visit this page on Adobe’s website to see if the computer you’re using has Flash installed.
What about my phone?
Chances are good that Flash is not on your smartphone or tablet.
Apple
completely banned Flash from its mobile devices running the iOS
operating system, such as the iPhone, iPad, and Apple Watch. Apple’s
rejection of Flash helped spur Web and software developers to use other
technologies for delivering video or animating games.
Google’s
Android mobile software briefly supported Flash, but it was generally
choppy and used up more battery than other formats. In 2012, Adobe
dropped support for Android, and Flash has been absent since Android 4.1
(Jelly Bean), which came out that same year. (Adobe also dropped
support for BlackBerry and Windows Phone.) If you have an iPhone, or any
other smartphone bought in the past couple of years, you don’t have
Flash.
Don’t I need it on my computer?
Generally
not. Most websites have switched over to another video format, called
HTML 5. It’s the default on both YouTube and Vimeo, for example. So
unless you know you need Flash for a specific site, it’s best to
uninstall it or block it.
How do I get rid of this nasty thing?
For Internet Explorer, follow Microsoft’s instructions for how to turn off or remove add-ons.
For Chrome, see Google’s instructions specifically for disabling Flash Player.
If you have Safari on a Mac, follow Adobe’s own instructions for removing it.
For
Firefox, type “about:addons” into the browser’s address bar, click
Plugins on the left side of the page, scroll down to Shockwave Flash,
then click the dropdown menu on the right and select Never Activate.
With Firefox, you can also install a Web browser extension called NoScript, which blocks not only Flash but also other scripts that attackers can exploit, such as JavaScript.
Once Flash is gone, will older videos still play on my computer?
If
a website requires Flash to display videos or animation, you will need
to install Flash to watch it. There’s no way around that.
It’s
typical for Flash-based sites to display alerts when they detect that
Flash is not installed. If you see this — and you absolutely must view
that video — we recommend downloading and installing Flash directly from
Adobe.com, as fake installation popups that lead to spyware are an age-old trick employed by untrustworthy websites.
Luckily
all the popular Web browsers allow you to temporarily install or enable
Flash for only the times you happen to need it. So if you’ve installed
Flash to view a website (many U.S government sites use it, for example),
it’s probably a good idea to disable it as soon as you are done there.
So
that’s everything you need to know about the risks and rewards of the
Flash dance. Considering all the above, conventional wisdom dictates
that living Flash-free is probably worth trying. After all, if you
didn’t know what Adobe Flash was before reading this article, there’s a
good chance you won’t miss it once it’s gone.
UPDATE: Adobe has released a new version of Flash that Mozilla Firefox does not block by default.
Sean Captain is a freelance tech and science writer based in New York City. Follow him on twitter @seancaptain or send tips to seantech@seancaptain.com.
0 comments:
Post a Comment