The initial security discussion was all about browsers: Which one shows less vulnerabilities, which one is more secure? There were even government agencies in Europe recommending the use of a different browser every other week based on the “vulnerability de jour”. This changed a bit and modern browsers are more or less out of focus today. But the attack vector through the user surfing the Internet obviously remains â€“ the attack just comes through the add-ins rather than the browser itself. The two add-ins making creating most trouble these days are well known: Java and Flash. From a security standpoint, both create more headaches than value.
With HTML5 there is an alternative especially for Adobe Flash. But as always: If companies are not forced to change, they will not. Google made a first brave step by disabling Flash in Chrome. I guess the other browsers should follow (with some lead-time) to force websites to change. In my opinion, time has come to decommission Adobe Flash – for the industry (do not blame Adobe, only).
And I am not the only one: 2016 Resolution: Ditch Flash , Flash. Must. Die., Going Straight: How To Ditch Flash and Embrace the Future of the Web, YouTube ditches Adobe Flash for HTML5 on most browsers just as a few examples. There is even a movement for it: Occupy Flash
And as a side-effect I would not have to de-install McAfee on my friend’s computers after them having installed Flash…..
- Adobe’s final patch update this year: 78 bugs squashed (zdnet.com)
- Adobe Patches 79 ‘Critical’ Vulnerabilities in Flash Player (tripwire.com)