Flash - Past its use-by date

What is Flash?

Flash is a browser plug-in that allowed web site builders to create sophisticated mini-programs that run inside the browser window. It has been used by many web sites and web services. Until recently, YouTube was a big user of Flash to display the sites videos. There are also many automotive companies that use Flash for their product "configurators".

Flash is popular with web developers because it allows them to create one set of assets for the website and have them run on any computer inside any browser.


What's the Problem?

The problem with Flash is three-fold. Firstly, it has always been a bit too buggy and it has always been a major resource hog. If you are using just your browser and you have Flash installed, it will slow your computer down.

In these days of fast, cheap computers, you may not care. However, the harder your computer works during its life, the shorter its life is. Despite what you may think, silicon chips (both memory and processors) degrade over time and if they spend a lot of time being hot due to high load processing, they degrade faster.

The second issue is mobile. Neither Apple (in the form of iOS), nor Google (in the form of Android) supports Flash. This means anyone who has a website that they wish to be available on mobile devices, must have a non-Flash version. Otherwise, their visitors end up with a worse experience on mobile platforms. This is important, because mobile is becoming the driving factor in internet traffic. Anyone who has teenage children, will have witnessed their preference to use mobile devices over desktop devices.

Google and Apple don't support Flash on their mobile platforms mainly because of the first point (it quickly drains batteries), but also because of the next point.

Thirdly - The performance and mobile problems are minor though, compared to the security issue.

Flash is the single biggest security hole in any given computer (after the bag of meat sitting behind the keyboard of course). Flash has always had security problems and in the last year, so many have been found that major internet players are lining up to get rid of Flash.

  1. Alex Stamos – Head of Security at Facebook
  2. Mark Schmidt – Head of Firefox Support at Mozilla
  3. Brian Krebs – Award winning computer security journalist
  4. Steve Jobs – you know who he was right?

The rush to leave Flash behind has been created due to a recent hacking event, involving an Italian company called Hacking Team. Hacking Team sell hacking software to Police Forces, Security Forces, Military Forces and Governments around the world (including ASIO and the AFP). Hacking Team have been shown to have sold their tools to many Western organisations as well as many repressive regimes.

Early in July 2015 Hacking Team was hacked. Almost 400GB of data from their servers were released onto the open internet, including details of at least three major (and as yet undiscovered) security flaws in Flash that have certainly been used to compromise computers somewhere.


What can I do About it?

By now, you should be convinced that you need to get rid of Flash. It’s a computing liability. Get rid of it.

If you choose to remove Flash from your computer, you can do it by following these instructions:

What if I need Flash?

Should you have some pressing need for Flash (you shouldn't, and if you do you should be having some frank discussions with the owner of the website that makes you use it), you can use Google Chrome. Chrome comes with its own Flash that is "sandboxed": ie, it is hidden from other programs on your computer. Make no mistake though – even in Chrome, Flash is dangerous. It's much like running across the road in peak hour traffic over and over again. It's not a case of IF you get run over; it's a case of WHEN. With Flash, it's not a case of if your computer is compromised; it's a case of when.

If you use Chrome on a daily basis, it is wise to disable Flash and only re-enable it when you absolutely must.



Author: Ross Bamford, Partner of nem Australasia and IT enthusiast.
This article is based on research and opinion available in the public domain.