You know Flash? Haven’t thought about in a while, have you. For good reason! It’s less useful and less relevant than ever. It’s worth thinking about it one last time though — as you go to disable it in your web browser. Here’s how and why you should.
Even if you’ve never heard of Flash (which manifests in the form of a plugin called Adobe Flash Player, or “Shockwave Flash” in your browser), you probably have it on your computer and enabled in your browser. It used to be vital for things like watching YouTube, but now with the rise of HTML5, it’s practically useless, little more than a venue for hackers to mess with you.
I won’t pretend to be the first person to suggest you go cut Flash out of your browser or uninstall it wholesale — there’s actually a pretty well-organised campaign devoted to getting everyone to stop using Flash so it can die and we can all move on already. Between the dozens of Flash vulnerabilities that have been popping up lately, and the fact that nowadays it offers barely any benefit to justify its existence, I think it’s time for one last push.
Flash is insecure.
Chances are you’ve heard about Flash vulnerabilities recently. There have been a ton! Last month alone, Adobe Flash suffered from three zero-day exploits. That is to say three major security holes that Adobe had zero days to fix before they were out in the wild and being exploited by sketchy people. And this is nothing new; Flash has always been a hotbed for this kind of stuff.
To mess up your computer with vulnerabilities like the ones in Flash, hackers’ weapon of choice is something called an exploit kit. These are little, easy-to-use packets of code that are updated to keep track of the latest vulnerabilities in things like Flash and Java and Adobe Reader. When an exploit kit finds you, it looks at all the shit you have enabled in your browser and sees if it can get through any known holes. If it finds any, it uses them to screw you by doing heinous stuff like installing threatening crypto ransomware and all manner of other scary stuff.
To be clear, this can and does happen in all sorts of ways other than Flash (Java, Adobe Reader, I’m looking at you), but Flash is a big way in. Just search “Adobe Flash” on the National Vulnerability Database right now, and you’ll turn up over 50 individual vulnerabilities, almost all of them with a severity score of 10.0. Nice!
This isn’t some theoretical danger; it’s real. Just the other day, an exploit kit was found on the reasonably well-trafficked website of famous(?) chef, Jamie Oliver. It exploited Flash. It happens on more universally viewed sites as well. RedTube — a site that, well come on you know what it is — was hiding a secret exploit kit too, one that (obviously) targeted Flash. And countless more sites — dailymotion.com, theblaze.com, and nydailynews.com, for instance — spent some time infected by a network of bad ads that pushed exploit kits all over the web.
Adobe is pretty good about fixing these holes as fast as it can, but if you don’t update right away for whatever reason, you’re in trouble. And more and more vulnerabilities keep showing up. It’s a bad scene.
Flash is irrelevant.
All this would be pretty bad news if Flash actually mattered, but here’s the good news/punchline. It doesn’t. Like barely at all.
Waaay back in the day, Flash (previously Macromedia Flash and then Shockwave Flash) could pull off some great tricks. The software traces its roots back 19 years, and chances are you remember when it was cool, either for watching little videos or playing bite-sized online games. Years ago, Flash was basically the way do multimedia video and audio online.
But nothing gold can stay. Flash issued out its first dying screams when Steve Jobs made moves to keep Flash off of iOS devices in the early iPhone and iPad days. Some of it was political, but in an official statement Jobs really laid into Flash for sucking on a bunch of important practical fronts, security, performance, and battery life.
The avalanche of media outlets offering their content for Apple’s mobile devices demonstrates that Flash is no longer necessary to watch video or consume any kind of web content.
At the time it was a little bit of a reach, but today? Totally true. A year after the Jobs decree, Adobe officially gave up on mobile Flash, throwing its weight behind HTML5 for phones and tablets and leaving Flash to cater to laptops and desktop. Support for it has been dropping ever since. Android gave up. So did the Unity game engine. YouTube introduced an HTML5 option, and then switched it to the default earlier this year. Unless you are still going to Newgrounds or something, Flash is pretty damn useless.
I first started toying around with disabling Flash while trying to make Chrome run faster. Even after I switched to Firefox, I’ve kept it disabled. I can barely think of a time I’ve missed it. Pop-up ads won’t load (oh dear) and some particularly backwards proprietary video players will whine at you if they can’t find it. That’s it.
You really don’t need Flash anymore. All it will bring you is trouble.
How to get rid of it:
Flash exists as a software on your computer, but that’s not really the dangerous part. The trouble starts when hackers get access to it through the Flash Player plugin in your browser. There are several ways to stop this by blocking them at a number of points in the path. Here are a few, from simplest to most thorough.
Install a Flash-blocking browser extension:
What’s particularly nice about this solution is that you’ve probably installed extensions on your browser before, and this is as easy as that. Once you have these installed, you can click on Flash-objects on various websites in order to let them through, which is convenient if you really want to look at something. Just know that when you do that, you’re opening up the door for stuff to get in, so don’t do it on sketchy sites.
Disable or limit Flash in your browser settings
You don’t need an extension though. Every browser gives you the option to disable Flash entirely — which can be sort of a bitch if you wimp out for some reason and really wanna use it for just a second.
Here are some handy GIFs that will show you exactly where to go to do this.
In Internet Explorer 11:
You’ll also notice that most of these browsers have the option to set Flash to “Always ask.” This gives you the same effect as the extensions above, but I generally find installing the extensions to be a little easier, and find their methods for allowing you to temporarily allow Flash to be better than the built in browser options. Your call!
Uninstall Flash from your computer altogether
This is the nuclear option. It’s also pretty unnecessary; it’s the most intensive to perform, the hardest to reverse, and nets you basically no additional benefits. But hey, if you want to really commit, I say go for it. Here are links to uninstalling Flash on Mac, and on Windows. Linux users? Meh, you’re into figuring out things on your own.
Once you’ve got your solution set up, you’ve cut off one avenue of attack for hackers at the cost of virtually nothing at all. If you have an extension that lets you enable Flash by choice, you can even enable it for specific things on trusted sites, just be aware that you’re exposing yourself when you do so.
And make no mistake: Disabling Flash doesn’t make you invincible. Hackers are constantly using other — sometimes more essential plugins — to try and bust through to your computer too. It’s still important to keep your browser and everything inside of it up to date to try and limit the holes hackers might use to mess with you. Sketchy corners of the internet are always going to be sketchy.
But disabling Flash is a no-brainer and you are so so much better off without it. And if we all turn off the switch together, soon there’ll be no need to ever flip it back again.
Pictures: Michael Hession