Goodbye Flash plug-in!

December 5, 2014

updated 2016-09-11

by PAUL WAGENSEIL Jun 17, 2016
You Should Disable Adobe Flash Player Now: Here’s How
a large chunk of the malware attacking web browsers worldwide is dependent on Flash Player flaws.

… the Flash plugin is entirely unnecessary nowadays and serves only as a [tool] for the delivery of viruses.
Hacker’s Manual 2016 page 32

April 8, 2016
Time reports that this latest Flash vulnerability has already been exploited … to hijack a system, lock the user out, and demand payment. If the user agrees to pay a ransom via the Internet, their system is released. If they refuse, they are denied access to their programs and files.
pc’s using Flash version or older, are likely to have been compromised.
According to USA Today, this is only the latest in a long line of instances where Flash vulnerabilities have been exploited to inject viruses or malware. The late Steve Jobs even posted a 1,700 word rant on the topic in 2010.

August 7, 2015

"voices" from the tech industry are demanding Adobe to completely shut down Flash once and for all.

Just last week, a major security vulnerability was unveiled by Hacking Team. There are major Flash exploits which have been targeted by cybercriminals and one still presents difficulties for the Adobe team.

… with the enhancements in HTML 5 …, developers have no trouble leaving Adobe far behind.

If you use Chrome, you will see a built-in variant of the Flash Player. It is in fact a pretty shielded version, but it also suffered from the damaging exploits performed by the Hacking Team.
If you want to disable the Flash Player, simply enter chrome://plugins (in the address bar) and your next step is to tap the “disable” icon which should be located under the Flash Player. Important: It’s best to bookmark the latter page because you might come across sites that will require you to use Adobe Flash Player. So, if this happens you can enable it once more and afterwards quickly disable it.


tech influencers are now calling for Adobe to kill Flash entirely



How to Set Adobe Flash Player to Click-to-Run

To maximize your Web security and defeat the seemingly endless supply of malware that exploits the innumerable flaws in Flash Player, you should change your browser settings so that Flash Player plays only the content that you select by clicking on it.
Here’s how:


It’s time to uninstall Adobe’s Flash from your Mac

The recent tidal wave of critical vulnerabilities in Adobe’s Flash Player has prompted many security professionals to call for the much-maligned software’s demise, and we agree.

Adobe has patched more than twenty Flash vulnerabilities in the last week — some of them days after active exploits were discovered in the wild — and issued over a dozen Flash Player security advisories since the beginning of this year. Flash has become such an information security nightmare that Facebook’s Chief Security Officer called on Adobe to sunset the platform as soon as possible and ask browser vendors to forcibly kill it off.

Though most exploits are targeted at Windows, Mac users are not invincible. Thankfully, Flash is easy to remove and most of your favorite sites and Web services will continue to work fine without Flash installed. YouTube, Netflix, and a host of others have either made the shift to HTML5 video or use alternative technologies, like Microsoft’s Silverlight.

If you insist on keeping Flash installed and won’t use ClickToFlash, at the very least make sure Flash can update itself automatically by enabling automatic updates in System Preferences → Flash Player. Then perhaps you should take a long, hard look at your life choices.



Jul 12, 2015

Second Flash Player zero-day exploit found in Hacking Team’s data

According to researchers from Trend Micro, the new exploit affects the latest versions of Flash Player on Windows, Mac and Linux and can be easily adapted to execute a malicious payload, like a malware program.

These exploits were likely provided by Hacking Team to its customers so they can deploy Remote Control System (RCS), the company’s powerful spyware, on the computers of users targeted for surveillance. The exploits allow malware to be silently installed when users visit a website, an attack technique known as a drive-by download.

It’s not clear if these two Flash Player exploits were developed by Hacking Team’s employees or if they were acquired from third-parties. Leaked emails from Hacking Team reveal that the company was buying exploits through brokers and from individual researchers, but that it also had an internal research team for developing such attack tools.

The revelations are likely to fuel the debate about the zero-day exploit market and whether it’s ethical for government agencies to contribute to Internet insecurity by creating the incentive for private companies and security researchers to stockpile critical flaws for profit instead of reporting them to affected vendors.

In May, the U.S. Commerce Department proposed changes to an international arms control pact called the Wassenaar Arrangement that would enforce export controls for software exploits and other computer intrusion software. The proposed changes are open to a two-month comment period.



Apple and Adobe Flash controversy

When Flash finally did ship on Android devices, it didn’t provide users with the full web, as was promised. Android users who wished to watch videos on Hulu through the Flash browser, for instance, were met with a message saying that the content wasn’t available on the mobile web. Same thing for users who tried to access most premium video sites on Google TV, which also supported Flash. More importantly, even when those videos or interactive Flash elements did appear on Android devices, they were often wonky or didn’t perform well, even on high-powered phones.

[D]espite Adobe’s multiple attempts to breathe life into Flash on other mobile devices — namely, Android and BlackBerry OS, two of Apple’s main competitors — the company hasn’t delivered. In’s testing of multiple Flash-compatible devices, choppiness and browser crashes were common.
“Adobe can’t do it because Flash is a resource hog,” said Icaza. “It’s a battery drain, and it’s unreliable on mobile web browsers.”
Jobs also says Symantec highlighted Flash as having a terrible security record.

Though Flash was held up as a selling point—and a differentiating point—for Android and other devices positioned against Apple’s notorious anti-Flash crusade in iOS, Adobe was never really able to smooth over performance, battery, and security issues.

Adobe’s Flash Surrender Proves Steve Jobs And Apple Were Right All Along With HTML5 … After a big fight with Jobs, Adobe is now on board to start developing tools using HTML5, the technology Jobs championed.


Apr 21, 2015

Google is now downgrading their rating of
any website that continues to use flash.

Google will be updating its mobile search algorithm so that search results will lead to content that is usable across all mobile devices. Google explained on its Webmasters Mobile Usability post that it will be prioritizing websites that are:

Free of technologies (such as Flash) that are no longer rendered by most mobile browsers.

By all accounts, the impact of Google’s mobile-friendly algorithm is predicted to be huge.

Avoid Flash plugins

"Your page uses plugins, which prevents portions of your page from being used on many platforms. Find alternatives for plugin based content to increase compatibility.
Find alternatives for your Flash plugins.

factors such as readability, responsive design and not using non-mobile friendly software (like Flash) will also be taken into consideration in a website’s search ranking.

Apr 21, 2015
Google announced earlier this year that it was making a change to its search algorithms which would begin to factor in a website’s “mobile-friendliness” as a ranking signal – meaning that those sites which weren’t optimized for smartphones’ smaller screens would see their ranks downgraded as a result. Today, Google is flipping the proverbial switch and is rolling out its mobile-friendly update – something that could potentially affect over 40 percent of Fortune 500 websites, according to recent tests.

As Google explains today, in order for a site to be considered mobile-friendly, its text has to be readable without tapping and zooming, its tap targets need to be spaced out appropriately, and the page avoids unplayable content or horizontal scrolling. In other words, the site simply needs to be easily usable from a mobile device.

It’s surprising how common it still is to come across websites from top brands which haven’t been properly optimized for the smartphone or other smaller screens. Apparently, they do need the threat of a downgrade from Google in order to make any changes.

But the shift to mobile cannot be ignored any longer by these big brands – or anyone else. According to eMarketer, the number of smartphone users worldwide will surpass 2 billion in 2016, and will come close to hitting that mark this year. In 2015, the firm said there will be over 1.91 billion smartphone users across the globe. And by 2018, over one-third of consumers worldwide will use smartphones.

Meanwhile, popular mobile properties like Facebook have been cutting into Google’s ad business. eMarketer noted that Google owned half of the mobile ad market in 2013, but that would decline to 46.8 percent in 2014. Meanwhile, Facebook’s share of the market grew from 5.4 percent of global ad spending in 2012 to 21.7 percent in 2014, the firm said.

Google’s decision to force website owners to make their sites work better on mobile devices, then, isn’t just about making web searchers happier; it’s about making sure that Google can retain its position as a useful service in the age of mobile.

Apple devices accounted for 59 percent of all smartphone visits in the quarter, during which time 28 percent of all online revenue was generated by mobile devices.

If a site is determined to not be mobile-friendly, Google warns that “there may be a significant decrease in mobile traffic from Google Search.” But once the changes are made, Google will automatically re-process the site’s pages.

Problem with Flash on 64 bit computers

Turns out Flash has problems in all 64 bit operating systems. Internet-Explorer-64-bit does not even work with Flash. Adobe is preparing to discontinue the Flash player plug-in (see below). Microsoft is providing an alternative by including the old Internet-Explorer-32-bit in 64 bit Windows 7.

Another Good Reason to remove Flash from 32 bit computers

website control of your webcam

Web sites advertisers can now silently access your camera and/or microphone and write up to 13 copies of a new type of cookie that was quietly introduced last year. It’s officially called the Local Shared Object (LSO), commonly called a Flash cookie or Evercookie. More persistent than HTTP cookies, it can hold 100 kb of binary data [executable], and it requires creating new web browser extensions to remove.

From Google Analytics Help Center:

The Flash implementation for Linux can be very problematic, and users of Debian and Ubuntu seem to be especially affected and … "due to the lack of updates and Flash plugin development for Linux," it may be a while before the problems are fixed.

(also, the Web-Developer and AdBlock extensions in Firefox are known to cause issues right now – October 2010)

The good news is that HTML5 will make flash un-necessary.
"Adobe has made Flash very expensive, and it is falling out of favor with smaller and hobby developers."

The Days of Flash Are Numbered

Adobe is gearing up to release CS5 to the public, and during their presentation showed off a new tool that will export Flash animations into HTML5 Canvas.

Flash CS5 will allow for Flash developers to export their old and new animations directly into HTML5 Canvas code to paste onto their websites. This will enable users with HTML5 supported browsers to experience Flash animations without the need for Flash installed.

With Microsoft’s Internet Explorer 9 in the works, supporting HTML5, all the top browsers now support the HTML5 Canvas code. Developers will now be able to get their flash animations and websites to work on any browser, without the need for Flash to be installed.

Posted by Andrew | 15 September, 2010
"If a while back Adobe wasn’t very interested in its 64bit Linux users and discontinued Adobe Flash Player 10.1 for 64bit, the new Adobe Flash Player 10.2 codename "Square" developer preview released by Adobe today is also available for 64bit Linux systems (and obviously, 32bit too)."

[until IE9 and others are out supporting HTML-5’s "canvas", Adobe must feel it important to continue to support their current customer base.]

Leave a Reply

Your email address will not be published. Required fields are marked *

We try to post all comments within 1 business day