Here’s how and why you should disable Flash

Posted by

No, flash is not dead. Together with Windows XP, it’s part of that zombie league of dangerous vulnerable software that just won’t go away.

This is mainly because there are some developers and users out there who obstinately continue to use it even though for all intents and purposes it now past its useful date. I cannot think of a single reason why anyone would opt to use flash content over HTML content.

Like every hustling Zimbo, I have my fingers in every pie as I try to eke a living in a harsh economy. A good part of that time is spent on the internet doing all sorts of things, including research and just plain pleasure surfing. I can therefore safely say I am a voracious consumer of web content.

Do you really need flash?

After reading article after article, research paper after research paper from various security companies on the never ending vulnerabilities of the plugin, and after being inspired by some security blog on the internet, I decided to do what would be to most of you, the unthinkable.

advertisement

I decided to disable flash player in all my browsers. My laptop has Ubuntu installed on it, and being a security conscious user, I always keep it up to date. After a lot of research I was convinced that Flash was the Achilles heel on my machine, a hack waiting to happen.

The question uppermost in my mind when I decided to make this little experiment was; Do I really need flash? I know of a good number of websites out there that bug users  and ask them to install the plugin, but can you really live without it (flash)?

Well, that was several weeks ago. I have been living flash free for the last six weeks or so and guess what, there has never really been a reason for me to use it.

It reminds me of all those sites that continued to ask people to install the JRE on their PCs so they could use Applets, I know one silly web hosting site that still requires it if one wants to access their VPS remotely.

That is inexcusable ineptitude in my opinion. Modern browsers do not need plugins to allow one to use a ssh client in their browser. I use codeanywhere.com frequently enough to know that for a fact. If you are a developer you really need to quit the flash bandwagon before it’s too late for you. I know some people (quite a few really) who still go about muttering COBOL and  Fortran stuff even though it’s 2015 and no one is listening to them.

Now in the aftermath of the hack of the black sheep security company: Hacking Team and the discovery of how a good number of the tools they sold relied on vulnerabilities in flash, the chorus for people to kill off flash and uninstall it from their computers has reached a crescendo.

For those among us who think Facebook is the internet, who start and end their use of the internet using the social media service, it is worth noting even they have called for Flash to die.

Mozilla, the people behind Firefox the third most used browser, have taken the drastic step of disabling it by default in their latest browser update. And Google, the guys behind, well, the internet really, have disabled it from the latest iteration of Chrome.

Why?

Because after the Hacking Team was hacked (and became the Hacked Team) their collection of current flash vulnerabilities were unleashed into the wild and now both serious talented hackers and script kiddies have in their possession exploit kits which take advantage of unpatched vulnerabilities in Flash.

I feel the need to repeat this there are currently known Flash vulnerabilities in the very version of flash you are currently using that will allow anyone to break into your computer right now if they ever felt like it!

In the wake of the Hacking Team hack, I have been hugging myself and telling anyone who can listen that they need to disable flash player too. It is so easy anyone can do it in a couple of seconds and if there is really any website that you cannot live without that makes use of flash, you can easily enable it again. You can also set Flash so that it requires you to actively allow it to play content i.e. “the click to play mode.”

Disabling Flash.

1 In Mozilla Firefox.

  • Try just updating to the latest version of Firefox wherein flash is blocked by default.
  • Or go to tools>addons>plugins>set shockwave flash and select the “ask to activate” option.
  • This will enable the click to play feature which will enable the “click to play mode”
  • You can also take the sensible step to disable flash entirely.

2 Google Chrome

  • The latest browser from when I updated this morning has flash disabled by default.
  • Or type chrome: plugins in your address bar.
  • This will open the plugins page.
  • Find the listing for flash and click disable.
  • You should disable both the system wide plugin and the one that comes bundled with Chrome if both are listed here.

3. Internet Explorer.

  • Click the gear icon on the extreme top right corner of your browser.
  • Select the “manage add-ons” options.
  • Find the listing for Shockwave Flash object and
  • Click disable and close.

Depending with your needs you may have to occasionally enable flash on certain websites, but unless these are life and death situations you should stay away from flash. FYI YouTube will still work whether flash is enabled or not so you still get to watch the cat videos so what more do you need.

You will also get much-needed relief from those unscrupulous websites that show bandwidth guzzling flash video ad that have several videos with autoplay set on by default. HTML now does all the things that flash does, is SEO friendly, has none of the security vulnerabilities in flash, is transparent, does not require you to download an add-on and is not owned by some corporation.

Death to flash!



3 Comments

  1. Google includes the sandboxed (PPAPI) Flash plug-in with Chrome and they have already updated it in their latest version. I use Chrome and I have enabled Click To Run to mitigate the effects of vulnerabilities and attacks in Flash if they do occur.

  2. Sinclair says:

    There is also the Flashblock plugin for Firefox and Chrome that gives you the option of allowing Flash on certain sites but disable it by default (click to play type)

  3. Brian says:

    There are some things that still require Flash. At least in Linux. DRM movies rented and streamed from Amazon or Google Play still require Flash. Until HTML5 can handle these, I will continue to have Flash installed in a click-to-run fashion.

Leave a Reply

Your email address will not be published.