RIP (almost) Flash Player

RIP (almost) Flash Player: a reader asks…

Hi Chris, I’ve been reading about security vulnerabilities on computers, and it sounds like Flash Player is always getting hacked. Do I really need this program on my computer?

Short answer, probably not. Most of the big video sharing websites (like YouTube) on the internet have transitioned to the newer (and more secure) HTML5 platform for playing videos. But there are still a ton of sites out there (not to mention web browsers) that still have and use Adobe’s Flash Player to show you video, ads and other junk collectively called “rich media”.

Adobe Flash is such a security vulnerability that at this point I’m recommending that you uninstall Flash from your computer. For Apple Macs, you can visit Adobe’s uninstall page and follow the instructions. For Microsoft Windows PCs, you can go to Add/Remove programs (or type “Uninstall a program” in your Search box), and click on any and every item on the list that has the word “Flash” in it. Some folks may have several types installed.

You might think that’s it, but no, if you use Google Chrome, the current version has Flash built-in. Google’s using a supposedly safe version of Flash Player (called “pepperflash”), so of course if you don’t update Chrome, you might find yourself in a vulnerable situation with Flash. And there are still a ton of websites that haven’t updated to HTML5, so they’re still dependent on using Flash. Regardless, go ahead and uninstall any Flash program you have, my guess is you won’t miss it. If you do happen to visit a website and see an error message that says you need Flash Player, please see my exhortation below, but no matter what, DO NOT install Flash from anywhere else but https://get.adobe.com/flashplayer/. If you do decide you must install Flash, kindly decline any other offers from Adobe as part of the installation, and when asked if you want Flash updated automatically, say “YES”!

Pretty much all smartphones no longer allow Flash. Notably, Apple iPhones and iPads have never had any support for Flash – simply because it’s too big of a security vulnerability. You can still install Flash on Android devices, but it’s not a simple process, and totally not worth doing as pretty much all mobile web content has been created in HTML5 form (or is within a dedicated app). A number of big names in the tech world have come out against Flash, including Facebook’s Security Chief (see this BusinessInsider article). Way back in 2010, Steve Jobs famously came out with his manifesto on why he won’t allow Flash. Frankly, I agree that Flash is a big red warning sign that almost every consumer should read as “stay away”.

If you visit a website or other online place that still uses Flash, my recommendation is that you do two things: 1) leave a comment, send a note to the webmaster, or in any other way let the owner of the website know that they need to get rid of Flash, and 2) find another website to visit. It is my professional opinion that any webmaster who still uses Flash should be given some serious security training. I don’t normally take a stance against any particular product, but in my opinion Flash has more than outlived its usefulness and become nothing more than a hacker’s dream and computer user’s nightmare. Just my opinion, but shared by lots of other people. I agree that consumers should demand that websites use more secure ways to give us our videos. The easy way to demand that is to refuse to visit websites that require Flash.