Adobe Flash Player – Damned if you do, damned if you don’t?

10 September 2016 | Security

Flash Player: a lot has been said about it for many years and none of it is good. Most people are now programmed to tune out the words “Flash Player” in the media because of the incredible number of times it’s mentioned. I have already made my case and stopped posting about Flash Player updates some time ago.

This is not a post about a Flash Player update that fixes a gazillion vulnerabilities. This is a post for a friend of mine, let’s call him Bob, who made the following claim: “I installed Flash Player again because with or without it, the computer is just as vulnerable. So I might as well use it.” When I asked him to explain that bizarre train of thought, he told me the following: “Adobe fixes Flash Player on a regular basis so I’m not worried about the plugin itself,” he explains. “The problem is that without Flash Player installed, all these sites keep prompting me to install or update Flash Player, or the site won’t work.” “It’s so annoying, I’m better off with Flash Player which I need anyway to play my Facebook games and watch free sports.” I didn’t know what to say. Instead I just stood there with the face one makes when seeing a T-Rex ride a unicorn down Main Street while singing Lady Gaga songs: complete and utter disbelief. “I have to go Bob, call you later.”

Why use Flash Player?

…. Moving on..

Why not use Flash Player?

Vulnerabilities – Flash Player is riddled with vulnerabilities. Even after an updated version is released, another update will be available soon with more vulnerabilities fixed. It’s an endless loop, and between updates you’re pretty much a sitting duck. In 2016 alone there have been 6 security updates by my count, which patched countless vulnerabilities. These vulnerabilities have been known to be exploited on several occasions, but this is all old news and I won’t waste any more time on that.

Malware – Malware loves to masquerade as fake Flash Player updates. To name just a few between 2011 and 2016: BASH/QHost, FlashBack (several versions), Imuler/Revir, ClickAgent, Genieo (several versions), OceanLotus, InstallMiez/InstallCore and a possible iWorm variant. All of them posed as a Flash Player update in one way or another.

Flash Player itself does a good enough job of putting your system at risk, but it’s also a very popular cloak for other malicious content. If you don’t have Flash Player installed, you KNOW that any such pop-ups are bogus. Sites that claim you need Flash Player to see their contents (and conveniently offer you a download) you can simply ignore.

Performance – Flash Player has been known for a long time to be a drain on battery life and overall system performance when in use.

Following up with Bob

Later that afternoon I called Bob and asked him a few questions:
Bob, since you installed Flash Player, have those website pop-ups asking you to update Flash Player stopped?
“Well no, not really”.

And when you see such pop-ups, what do you do?
“I go to System Preferences and check for an update to make sure it’s legit, you told me to!”

Indeed Bob, good call. Then what?
“If System Preferences tells me Flash Player is up to date already but the site keeps nagging me for it, I figured it must be offering a newer version than what I have, so I install it sometimes.”

Oh Bob..
“It’s alright, if I go back to that same site after I install it and it still tells me about the update, I know it was a fake. So I uninstall Adobe and re-download it from Adobe’s website.”

You do realize those fake Flash Player updates don’t actually install Adobe Flash Player, so un/reinstalling it does nothing for you..
“…”

You get the idea. Bob ended up running a few antivirus utilities and cleared a smorgasbord of malware off his Mac. He has now, once again, joined the Flash Player-free community and knows that any pop-up asking for a Flash Player update is a fake. After a short period of withdrawal symptoms from missing his Facebook games, he is now a happy camper and certainly a safer one.

If you do run into websites that really require Flash Player, don’t install it. Instead, start putting pressure on them to switch to HTML5 like so many others have done. It’s a more pleasant experience and safer. If enough people complain about the presence of Flash content, sites will abandon it.

It can be hard but you’ll be doing yourself a favor.

