Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity

    Retiring Adobe Flash Will Make the Web More Secure—Eventually

    Written by

    Wayne Rash
    Published July 27, 2017
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The news that Adobe had set an expiration date for the Flash Media Player was likely greeted in various ways at Web businesses around the world, depending on whether they had already migrated to more modern multimedia platforms.

      In some IT departments, the word that Adobe will stop supporting the media player at the end of 2020 means more work to check how many corporate websites and applications still depend on flash and what needs to be done to update them to more modern players.

      For the security staff, the end of Flash is very good news indeed. Flash, despite its many updates over the years, remains inherently insecure. The Flash player itself is a nearly irresistible target for hackers, and it provides a wealth of entry points for malware of all sorts. Worse, Flash updates were easily spoofed, tricking end users into installing fake updates that contained malware.

      Solving a Flash Problem Will Depend on Each Enterprise

      The size of the problem depended on what platform your organization supports. Users of Apple’s iOS, for example, should already know that their devices do not support Flash. Android, on the other hand, used to support Flash in versions 4.0 and below, but Flash support ended with Android version 4.1.

      The problem is there are a lot of malware attacks that start with a browser pop-up that announces that the mobile device isn’t running Flash and then asks to install it. But since the device won’t support Flash, what’s actually being done is to install some kind of malware that happens to look just like the Flash installer you’d get from Adobe.

      Something similar can happen to the Flash players in Windows and MacOS. Flash is supported in those environments, but these days it’s usually turned off. Just like on Android devices, you’ll see the prompt appear from a pop-up asking to install Flash from some unknown website. If you do, you will be installing malware unless you get the installation directly from Adobe.

      But the threat doesn’t end there. Flash apps can make use of legitimate Flash players to install and run malware that can sometimes elude antivirus software. Of course, the Flash player itself was a favorite target for hackers because of its ubiquity and its ability to gain control of computer resources.

      Updated Flash Players a Mandate

      All of this means that the security staff will need to make sure that your organization, as well as devices that can access the company network, run frequently-updated Flash players.

      Or they can solve the whole Flash problem by not allowing Flash on any computer or device that’s able to connect to the company network.

      This will require some advance notice to your employees. It will also require you to perform a survey of the websites that your organization actually needs to use to do business.

      For most organizations, the list should be a fairly small number of commercial sites, a few news sites and perhaps a couple of social media sites. Ask your employees to make a list of the sites they visit every day, and if necessary, what business purposes the sites serve.

      Note that this list is probably a small subset of the sites that your staffers actually visit, since it’s not uncommon for employees to do everything from shopping on Amazon.com to visiting dating sites on company time.

      No Reason Security Should Be at Risk

      While your personnel policies may allow your staff to do things like shopping, there’s no reason that this activity should risk your organization’s security. That translates into a clear path to eliminate Flash, even if it annoys a few people who spend their lunch hours involved in adult activities.

      If you do find instances where a few employees need access to sites that require the use of Flash, perhaps a supplier who has yet to convert, then you can limit the use of Flash to specific business functions and still eliminate it from the other computers and mobile devices with access to your network. While you’re at it, you might want to call the supplier’s IT department to find out their plans for converting away from Flash.

      It’s likely that the switch away from allowing Flash won’t be too onerous. If you limit mobile devices to those that either run iOS or Android 4.1 and later and also limit the Android devices to using apps obtained from the Google Play store, then those devices won’t be a problem. With desktop computers, you can set a group policy that eliminates the Flash software and doesn’t allow employees to install it.

      Once you’re taken those steps, your problems are over, at least for that security issue. However, somebody either in your IT staff or at your web hosting company will still need to convert away from Flash to an open standard such as HTML 5.

      While all of this may look like a huge annoyance, it shouldn’t be. If you’ve been following good network hygiene and keeping your machines up to date, it’s possible that all of your work is already done.

      But assuming there are still steps you need to take, at least you know what you have to do. You might be surprised at how little your organization relies on Flash and how relatively easy it will be to eliminate the use that’s left.

      Wayne Rash
      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×