Adobe Flash—that insecure, ubiquitous resource hog everyone hates to need—is under siege, again, and hopefully for the last time. The latest calls for its retirement come from some of the Internet’s most powerful players, but if the combined clattering of Facebook, Firefox, and a legion of unsatisfied users isn’t enough finally to put it in the ground, scroll down to see how to axe it from your devices yourself.
Why would you want to?
Because Flash is a closed, proprietary system on a web that deserves open standards. It’s a popular punching bag for hackers, which puts users at risk over and over again. And it’s a resource-heavy battery suck that at this point mostly finds its purchase in pop-up ads you didn’t want to see anyway.
Open or closed means little to me – other than so-called open is even easier to hack than a crappy, poorly-designed closed system like Flash. Nothing is hacked more often than Linux.
This week, in the wake of newly discovered vulnerabilities in Flash, Facebook security boss Alex Stamos called for a termination date for Flash, and late Monday night Mozilla disabled all current versions of the plug-in by default in its Firefox browser. Even Google is limiting Flash’s impact; last month, it announced that future versions of Chrome will “intelligently pause” Flash-based content that isn’t part of a website’s core experience (e.g. video ads).
That doesn’t mean this is the end … yet. Facebook still uses Flash to play video on some browsers, and Firefox reintroduced Flash support on Tuesday when a secure update arrived. The point is clear, though: Flash is officially more trouble than it’s worth. <a href="http://www.wired.com/2015/07/adobe-flash-player-die/'>Flash. Must. Die. | WIRED.”>And it has been for some time.
…Killing of Flash has been on-trend since being software non-grata on the original iPhone. Steve Jobs penned a famous open letter in April, 2010, explaining why he wouldn’t let Flash anywhere near Apple’s mobile products, highlighting concerns over openness, security, and its impact on battery life.
More than five years later, the case against Flash remains largely unchanged—and the security problem is the most immediate and important. After all, the newly discovered critical vulnerability that led Mozilla to quarantine Firefox from Flash was the third problem of its kind discovered this week thanks to a data breach of controversial digital surveillance firm Hacking Team…
However actively Adobe has been working on Flash Player security, it doesn’t seem to be enough. This week’s mistrials are but the latest in a string of security lapses that have plagued Flash for years. Exploit kits—packets of code that take advantage of these sorts of vulnerabilities in your browser to push malware or ransomware—have used Flash to futz with countless sites. So-called zero-day vulnerabilities (a security hole that hackers find before the software company does) are found on Flash with such regularity they almost feel like a feature.
The good news is, you don’t have to wait for Adobe to pull the plug. You can do it yourself.
RTFA for instructions re most browsers.
I stopped concerning myself when iOS stopped running it in any of Apple’s mobile devices. The pressures exerted by Steve Jobs at the time pushed Google into speeding up their pace of adopting html5 everywhere – especially at YouTube. If you show up at YouTube without Flash installed, the site automatically switches into an html5 version of whichever video you’re looking for.
If I run into a site that refuses to run anything other than Flash – most often, the BBC, nowadays – I don’t run their videos. No need to tempt some script kiddie.