Important: Flash zero-day exploit uncovered
Although I usually try to avoid strong, one-sided opinions on these posts, I’m just going to come out and say it: I hate Flash. Hate it. It is now, and has always been, far more trouble than it’s worth, with it’s supposed benefits never coming close to outweighing the risks. If you’re not familiar with Flash, it’s what allows things like small browser games, some videos, but most of all banner advertisements, to run in webpages. They even try to get you to install another bad product, MacAfee AntiVirus, when you install Flash. Unbelievable. There are other technologies, such as Java, that do the same thing as Flash, but Flash is very lightweight. I won’t use the hyperbole that was used at the Register, but I completely agree with their take on it.
You know why it’s always showing you this dialog? Because there’s a recurring problem.
The problem is, Flash is also very insecure. It has been the vector for installing malicious software on PCs for years and years, and today is no different. It was announced today by Trend Micro that a brand new zero-day exploit – meaning a flaw the developer has yet to fix – has been discovered in Flash, however this is the third one in less than thirty days. It’s why Steve Jobs wouldn’t allow it on iPhones and why Apple is so restrictive about it in their Safari browser.
There are several ways to protect yourself, the obvious ones including having robust anti-virus protection (the vulnerability affects Mac as well as Windows if using Firefox) and don’t visit questionable sites, although even that last one isn’t enough since this attack was discovered through the very popular site DailyMotion, which I’m not linking here for obvious reasons.
You could also use Flash-blocking addons for your browser, something I do myself. You have to be careful with them, however, as sites depend on those ads appearing for revenue. In that case, if there is a site I visit regularly, and I trust inasmuch as I can, I will disable the plugin on their page and let the ads appear. I don’t click on them, but I don’t have to for them to earn their money.
And lastly, I am very happy to see that the HTML5 specification is finally coming in to wide use. HTML5 allows for videos and ads and whatnot to play in your browser natively, without the need for any third-party plugin like Flash. In fact, you can test your browser’s support of HTML5 at this link. YouTube is already switching over to it, as are many other sites, and that will hopefully spell the end of the insidious Flash player and it’s irritating banner-ad-enabling software once and for all.