Do you remember the end of Old Yeller, when the kid has to shoot his dog because it has rabies? The situation with Adobe Flash is a little like that, except that the dog isn’t rabid – it’s just not very good. And nobody actually ever loved it.
The Internet’s relationship with Flash has been rocky for a while. Since the creation of alternatives like HTML5 video, more and more major websites have been steadily dropping it – including giants like Netflix and YouTube. Things got a bit heated last month when Firefox became aware of a critical security vulnerability within the software, and blocked the plugin entirely.
Shortly thereafter, Facebook’s chief of security publicly called for Adobe to announce a kill-date for Flash, and Google Chrome began blocking auto-playing Flash ads by default.
In the aftermath of the block, Flash made an effort to beef up its security in an effort to justify its existence. Unfortunately, it’s recently become clear that the added security precautions were broken less a month after they originally premiered. The new exploit was discovered by security researcher Kafeine, writing for hacker blog “Malware don’t need coffee.” This is yet another reminder of just how much of a security nightmare Flash really is. The new exploit has already been included into an automated hacking toolkit, which is used to place malware on user computers.
Flash From the Past
Flash used to a be a universal standard on the web. Now, it looks like it may be headed to the chopping block. So what changed?
As it turns out, the answer is “nothing” – and that’s the problem. Flash is a little like that friend of yours from highschool who still lives with his parents and thinks ‘pull my finger’ is funny. He hasn’t changed a bit, but at some point he stopped being fun to hang out with.
Flash is very much the same piece of software that it was in the early oughties. However, as the web has grown up around it, Flash had failed to keep up. In a world of open-source, Flash is entirely closed and proprietary. In a world of web apps designed to run well on lightweight platforms like tablets and phones, Flash is a memory-and-battery-sucking monster. In a world increasingly aware of the importance of security, Flash is riddled with holes and years-old unpatched code. It’s not surprising that Flash has proved to be a fertile ground for hackers.
Yes. Ending flash is a security win for everyone. https://t.co/Y0daBqAXmu
— Michael Coates (@_mwc) August 28, 2015
Maybe we shouldn’t be surprised that Adobe has failed to keep pace with the times. After all, their other software (like Acrobat and Photoshop) are also resource monsters with plenty of security vulnerabilities. However, their other products either have lightweight and secure alternatives (like Acrobat), or are primarily used by professionals and don’t have networking capabilities (like Photoshop). Being a web standard is a much more sensitive situation, with a much higher bar for quality – a bar that Flash simply no longer reaches.
How a Standard Dies
This grim situation persisted for longer than it should have, because standards have a kind of inertia. If you want to create a browser game or play a video, asking users to install a plugin leaves you dead in the water. The whole point of the browser is its convenience: the ability to things without needing to install stuff. Unless a plugin is bundled with most browsers, there’s no way for it to get over the hump to ubiquity.
The problem probably would have persisted for much longer if not for the rise of mobile platforms. A big blow to Flash was the decision not have the original iPhone support it. At the time, Apple cited its impact on performance and battery life, concerns which still apply today. As of now, Flash is not supported on any major phone operating system. There are workarounds on a few platforms, but they’ve largely become unnecessary as the web has moved away from Flash content.
Here’s Jobs justifying the decision not to support Flash on the iPad, back in 2010:
While Flash’s poor performance can be overlooked on the desktop, it becomes intolerable on mobile devices. And, when developers are forced to port their video streaming services to a new standards on mobile, they might as well make the jump on the desktop too. It’s this process that’s been slowly chipping away at Flash over the last decade or so.
How to Disable Flash
If you want to vote with your feet and start speeding up the future of the internet, you can turn off Flash right now. It’s easy, and you might be surprised how little you need it (hint: most of the stuff it breaks will be sketchy ads). If you need it, you can always turn it back on again.
- To uninstall Flash on Chrome, simply go to chrome://plugins/ using the address bar, and click Disable under Adobe Flash Player.
- In Internet Explorer, click the gear icon in the corner, go to manage add-ons, then the show box and click All add-ons. Find the Shockwave Flash icon, highlight it, and click disable.
- For Edge, open the menu, click settings, and go to View Advanced Settings. Find the use Adobe Flash Player and turn it off.
- For Firefox, click the settings menu (the three horizontal bars). Click Add-ons then Plugins then choose Never Activate from the drop-down menu.
There are a lot of benefits to uninstalling Flash. The web runs faster, there are fewer obnoxious ads, and you’re less vulnerable to hackers and malware. Likely, Flash will be totally phased out by the major browsers in a few years, but you can enjoy most of the benefits right now with very little work.
If you choose to go the uninstall route, let us know how it goes! What do you miss? Any unexpected benefits? Looking forward to hearing your thoughts in the comments.