The Flash Player Revolution

I'm not sure if you've noticed, but lately the online media has been buzzing with all kinds of news about Flash Player, most of it not very flattering for Adobe's product. In case you didn't know what to make of all this fuss, I've decided to give you a rundown of the events along with some of my own conclusions. And just in case, at the end of the article, you will also find a small guide on how to get rid of Flash Player on your computer.

How it all started (this time)

Flash Player is known for a (very, very) long string of security issues, so what caused all this recent heat? It was a seemingly unrelated incident. I'm not sure if you heard about it or not, but about a week ago, an Italian company named the Hacking Team was the victim of a cyber-attack that leaked thousands of its files on the Internet. The targeted company was itself a hacking group that made most of its money by selling spyware or its hacking services to governments all over the world, so a lot of the information that got out was related to various exploits and vulnerabilities. (If you're interested in reading more about the incident, I wrote a story at the time, which you can find here.)

After looking through the leaked data, researchers from security companies found not one, not two, but three different 0-day exploits that took advantage of Flash vulnerabilities. All of them were being used by the Hacking Team. (Just to remind you, the incident is still very fresh, and the attackers leaked approximately 400 GB of files on the Web, so more exploits may be discovered in the future.) According to the security engineers who discovered them, all the exploits worked against the current version of Flash Player and, up until this point, only one of them has been patched. Adobe has issued a statement on the matter, saying that the company is aware of the problems and is working on fixing them. (The patches to fix these latest vulnerabilities should be coming by the end of the week.)

I'm not going to get very technical, but if you were wondering what 0-day exploits actually mean in human terms, I will tell you. A 0-day is a vulnerability in Flash Player's code that hackers can exploit (by writing code that takes advantage of it) before a patch for it is available. Once the vulnerability has been used to breach defenses, the attacker can do all kinds of nasty stuff like reallocating your system's memory, changing the value of objects and overriding your PC's functions. And no, you don't need to be browsing God knows what kind of shady site at the far end of the Internet to become a victim. These vulnerabilities are generally exploited through advertisements that are (unknowingly) served by legitimate websites.

Unprecedented reactions

As I said, saying that Flash Player has some exploitable vulnerabilities is pretty much like stating that the water is wet: it's not a surprise to anyone. But this time it was actually so bad that Mozilla instantly reacted by disabling the Flash plug-in in the Firefox browser. (You can turn it back on if you absolutely must, but the browser will warn you that in doing so you will risk compromising your PC's security.) Unfortunately for many Internet users, Google's Chrome browser has Flash Player embedded in its code, and even if it is a safer and more stable version of the product, it's still vulnerable to the recently discovered exploits.

Furthermore, Facebook's chief of security went on Twitter to ask for a death sentence for the player. According to Mr. Alex Stamos, setting an "end-of-life" date for Flash Player is "the only way to disentangle the dependencies and upgrade the whole ecosystem at once." And if you take into account the thousands of security patches Adobe has had to issue so far (and will most likely still issue), you have to agree that simply killing it off and finding a better solution would most likely be a more successful approach.

What to take away from all this

If you're wondering what to make of all of this, there is one thing I can tell you for sure: Flash Player was, is and will be a big security risk for any PC using it. Unfortunately, many websites still depend on it for distributing media content instead of using HTML5, so uninstalling it can prove to be somewhat inconvenient for the average user. (YouTube is already transitioning to HTML5 so the videos there should work even if you've disabled or uninstalled Flash Player.)

As far as I'm concerned, deciding whether or not to give up on Flash Player should be based on individual needs. If you have a lot of sensitive information on your computer or you're at work, you should definitely remove it, as the security risk is just not worth it. Even if you're a home user who spends a lot of time browsing media sharing websites and social networks, you should try disabling it and see if its absence is actually disruptive to your regular activities. (You can always reinstall it in less than one minute, so you don't have that much to lose.)

Uninstalling and disabling Flash Player

If you've decided that you don't want to be a sure target for any hacker, and the security risk simply isn't worth it, here's how to get rid of Adobe's Flash Player. Uninstalling the application is actually quite easy: all you need to do is type Programs and Features in your Start Menu (Start Screen) and press Enter. In the new window that opens, find Adobe Flash Player (it should be at the beginning of the list since the name starts with an "A") and double-click the entry. This will launch the uninstall utility. Follow the steps in the uninstaller, and you're done.

Unfortunately, if you're a Chrome user, uninstalling the player won't be enough, as Google's browser embeds it into its own code. To keep yourself safe from Flash's vulnerabilities, you will need to type chrome://plugins in your address bar. In the tab that opens up, simply find the Adobe Flash Player entry, then click on the Disable button, and you're done. If you are not sure whether you have Flash Player installed, simply click on this link and you will get the answer. (A small piece of advice: it may be useful to bookmark the chrome://plugins page so that you can quickly re-enable it in case you stumble upon websites that won't work without Adobe's player.)
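
To confirm that the steps above left nothing behind, here is a read-only PowerShell check. It is an added example, not part of the original article or any Adobe tool: it lists Flash entries that Programs and Features would still show, plug-in files left in the system folders, and the copy bundled with Chrome. The Chrome install folders it searches are the usual defaults and are an assumption.

```powershell
# Added example: read-only inventory of Flash Player components on Windows.
# Nothing is removed or changed; the script only reports what it finds.

function Get-FlashUninstallEntry {
    # Programs and Features is built from these Uninstall keys; 32-bit
    # installers on 64-bit Windows register under WOW6432Node.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Adobe Flash Player*' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

function Get-FlashPluginFile {
    # System-wide ActiveX (.ocx) and NPAPI (.dll) plug-ins are installed here.
    $dirs = @(
        (Join-Path $env:WINDIR 'System32\Macromed\Flash'),
        (Join-Path $env:WINDIR 'SysWOW64\Macromed\Flash')
    ) | Where-Object { Test-Path $_ }
    foreach ($dir in $dirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.ocx', '.dll' } |
            Select-Object FullName, @{ n = 'FileVersion'; e = { $_.VersionInfo.FileVersion } }
    }
}

function Get-ChromeBundledFlash {
    # Chrome ships its own pepflashplayer.dll, which the Adobe uninstaller does
    # not touch. Disabling it in chrome://plugins leaves the file on disk, so a
    # hit here means "present", not "enabled". Roots below are assumed defaults.
    $roots = @(
        "$env:ProgramFiles\Google\Chrome",
        "${env:ProgramFiles(x86)}\Google\Chrome",
        "$env:LOCALAPPDATA\Google\Chrome"
    ) | Where-Object { Test-Path $_ }
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -File -Filter 'pepflashplayer.dll' -ErrorAction SilentlyContinue |
            Select-Object FullName, @{ n = 'FileVersion'; e = { $_.VersionInfo.FileVersion } }
    }
}

'--- Still listed in Programs and Features ---'
Get-FlashUninstallEntry | Format-List
'--- Plug-in files in system folders ---'
Get-FlashPluginFile | Format-List
'--- Copy bundled with Chrome ---'
Get-ChromeBundledFlash | Format-List
```

An empty first and second section means the uninstall worked; a hit in the third section is expected on a machine with Chrome and is the reason for the chrome://plugins step.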
