Adobe Flash: kill it now


It’s time to put Flash out of our mis­ery once and for all. And, thanks to Google, it may fi­nally hap­pen

Some pro­grams – cough Win­dows, cough – are full of se­cu­rity bugs, but they’re so pop­u­lar that we can’t get rid of them. That is why Adobe Flash con­tin­ues to be widely used. But it could be that the end is near, at last for the bu­grid­den mul­ti­me­dia plat­form.

Flash, of course, though widely used is also ve­he­mently hated in some quar­ters. Steve Jobs fa­mously trashed it twice. First, in 2008, he said that Flash for desk­tops and note­books “per­forms too slow to be use­ful” on the iPhone, and the mo­bile ver­sion “is not ca­pa­ble of be­ing used with the web”. Then, far more fa­mously, in 2010, he de­clared that Flash wasn’t good enough for iPhones and he wouldn’t have it in his de­vices.

He was far from the only hater, but it didn’t do any good. To­day, you can run Flash on iOS us­ing third-party pro­grams such as the Puf­fin Web browser to get your Flash fix.

It’s no se­cret that when it comes to se­cu­rity, Flash leaks like a sieve. And while that cliché is ap­pro­pri­ate, it doesn’t cap­ture the mag­ni­tude of the prob­lem. We’re all techies here; let’s look at some hard num­bers. Col­league Michael Horowitz counted up Flash’s bugs through mid-May for 2015. Take a guess how many he found. Give up? He dis­cov­ered 78.

And has a cha­grined Adobe done much bet­ter since then? Not on your life. Since then, 86 more bugs have been found. That’s 164 all to­gether, which means a bug was be­ing dis­cov­ered ev­ery day-and-a-half, on av­er­age, or one bug ev­ery day for the five­day busi­ness week. That’s got to be some kind of record, though not one that any­one will want to match any­time soon.

If you’re an Adobe Flash pro­gram­mer, this is all great news; you’ve got ex­cel­lent job se­cu­rity as long as ad­ver­tis­ers and web­sites con­tinue to use Flash. If you’re any­one else, there’s noth­ing great about it.

Flash’s days num­bered

You might find that hard to be­lieve if you have any idea how much it is still be­ing used. When I browse the in­ter­net with Google Chrome, I block Adobe Flash con­tent au­to­mat­i­cally, so in­stead of Flash con­tent, I see grey boxes. And I see them ev­ery­where. There are few sites I visit that don’t have Flash-based ads. Ac­cord­ing to Ad Age, which should know, 84 per­cent of ban­ner ads are still built from Flash.

Peo­ple are also still play­ing Flash games. Jerome Segura, se­nior se­cu­rity re­searcher at Mal­ware­bytes Labs, says that de­vel­op­ers are still us­ing it. “There are peo­ple in the gam­ing in­dus­try who are still very at­tached to Flash,” he says.

And while YouTube dropped Flash for HTML5-based video in Jan­uary 2015, many other video sites still use it. Last, but oh I how wish this were least, some web­sites’ user in­ter­faces are still writ­ten in Flash.

First, Mozilla be­gan block­ing all ver­sions of Flash Player from run­ning au­to­mat­i­cally in Fire­fox in mid-July. Then Face­book ad­mit­ted in an SEC 10-Q that Flash vul­ner­a­bil­i­ties are af­fect­ing its “abil­ity to gen­er­ate Pay­ments rev­enue.” This prompted fed-up Face­book chief se­cu­rity of­fi­cer Alex Sta­mos to tweet, ”It is time for Adobe to an­nounce the endof-life date for Flash and to ask the browsers to set kill­bits on the same day.”

Then, on 27 Au­gust the grum­bling about Flash got se­ri­ous. Google an­nounced in its AdWords Google+ page that: “Chrome will be­gin paus­ing many Flash ads by de­fault to im­prove per­for­mance for users. This change is sched­uled to start rolling out on Septem­ber 1, 2015.”

That means all those splashy video Flash ads will stop in their tracks. That’s no way to im­press the pun­ters. Google will au­to­mat­i­cally trans­late some of these ads into HTML5 video. But some ads won’t con­vert. The only way you can tell be­fore­hand is to test the ads with Google’s Swiffy ex­ten­sion. If your ads don’t come over – well, Google sug­gests you get crack­ing in cre­at­ing HTML5 ads.

This move is go­ing to be the real Flash killer. Google AdWords ac­counts for about two out of three ads seen on the web. If ven­dors can’t reach their cus­tomers with Flash ads, they’re go­ing to aban­don it.

Flash is fi­nally com­ing to the end of the road. Adobe has no-one to blame but it­self for this. Flash is al­most 20 years old, and still a month doesn’t go by with­out a se­ri­ous se­cu­rity prob­lem. That’s why I se­ri­ously doubt it will live to see its 21st birth­day.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.