DON’T BE FOOLED: Ignore those Flash Update warnings

The other day a funny thing happened to me. I was trawling my way along the internet and was on a site I don’t normally visit. Suddenly a new window opened and told me my Flash Player was out of date. I was advised to update it immediately.

My response was simple:

That’s right, I got the heck out of there. Maybe I overreacted but I force-quit the browser. Then I held down the power button on my laptop until it shut down hard. I rebooted into safe mode by holding down the F8 button. (Different computers get to the safe mode menu differently.) I did a full malware scan and once I was satisfied, I rebooted normally and did another malware scan.

Why the hysterics?

Folks, it’s 2019. You should NEVER get a Flash Update warning. If you do, it’s a clear sign that you’re about to get hacked in one way or another. In fact, you should avoid Flash as much as possible. If you even see a graphic like this one:

…you should consider that site suspect unless you know it well. Well-run sites abandoned Flash years ago because of security issues and major browsers either block Flash or give you the option to run the player manually.

Why all the hate for Flash?

Flash is an internet application that dates back to 1996. Back then, the web was a pretty boring place. You could barely show pictures, let alone do fancy things like use interactive buttons. Flash solved that by running scripts on your computer that your web browser couldn’t. All of a sudden you could do almost anything within a web browser. You could play games, upload files, and actually even have fun.

Like many early web standards, Flash was extremely insecure. Early web designers just didn’t anticipate the way that the bad guys would use the internet. Flash was designed specifically to download code from the internet and run it on your local device. If you think about it, Flash was never going to be as secure as we need it to be. It’s designed not to be.

Still, by the mid-2000s Flash was everywhere. Of course it was, because there was really not any other way to deliver the kinds of experiences people wanted. Many people saw the problems with Flash. One person took steps to end it. When Steve Jobs announced that his iPhone wouldn’t run Flash, ever, the writing was on the wall. iPhones leaned into the latest web standard, HTML5, which did everything Flash did and more. More important, HTML5 was designed with security in mind.

The death of Flash

Flash has been disabled by default for a while in Chrome and Firefox, and it doesn’t work at all in Edge. Most versions of Safari don’t support it and never have. Adobe, which is the latest company to own Flash, has said that it will be discontinued in 2020, with the exception of its Adobe AIR product, which is a version of Flash that runs outside of a web browser in protected memory.

This all boils down to one clear message: avoid Flash. Avoid it every time you possibly can. If you must use Flash for your job or for some specific site, make sure you totally trust that site’s security settings. If you don’t, use something like Windows Sandbox or VMware to create an isolated environment that can’t spread anything to the rest of your computer.