You know Flash? Haven't thought about it in a while, have you. For good reason! It's less useful and less relevant than ever. It's worth thinking about it one last time though—as you go to disable it in your web browser. Here's how and why you should.
Even if you've never heard of Flash (which manifests in the form of a plugin called Adobe Flash Player, or "Shockwave Flash" in your browser), you probably have it on your computer and enabled in your browser. It used to be vital for things like watching YouTube, but now with the rise of HTML5, it's practically useless, little more than a venue for hackers to mess with you.
I won't pretend to be the first person to suggest you go cut Flash out of your browser or uninstall it wholesale—there's actually a pretty well-organized campaign devoted to getting everyone to stop using Flash so it can die and we can all move on already. Between the dozens of Flash vulnerabilities that have been popping up lately, and the fact that nowadays it offers barely any benefit to justify its existence, I think it's time for one last push.
Flash is insecure.
Chances are you've heard about Flash vulnerabilities recently. There have been a ton! Last month alone, Adobe Flash suffered from three zero-day exploits. That is to say three major security holes that Adobe had zero days to fix before they were out in the wild and being exploited by sketchy people. And this is nothing new; Flash has always been a hotbed for this kind of stuff.
To mess up your computer with vulnerabilities like the ones in Flash, hackers' weapon of choice is something called an exploit kit. These are little, easy-to-use packets of code that are updated to keep track of the latest vulnerabilities in things like Flash and Java and Adobe Reader. When an exploit kit finds you, it looks at all the shit you have enabled in your browser and sees if it can get through any known holes. If it finds any, it uses them to screw you by doing heinous stuff like installing threatening crypto ransomware and all manner of other scary stuff.
To be clear, this can and does happen in all sorts of ways other than Flash (Java, Adobe Reader, I'm looking at you), but Flash is a big way in. Just search "Adobe Flash" on the National Vulnerability Database right now, and you'll turn up over 50 individual vulnerabilities, almost all of them with a severity score of 10.0. Nice!
This isn't some theoretical danger; it's real. Just the other day, an exploit kit was found on the reasonably well-trafficked website of famous(?) chef, Jamie Oliver. It exploited Flash. It happens on more universally viewed sites as well. RedTube—a site that, well come on you know what it is—was hiding a secret exploit kit too, one that (obviously) targeted Flash. And countless more sites—dailymotion.com, theblaze.com, and nydailynews.com, for instance—spent some time infected by a network of bad ads that pushed exploit kits all over the web.
Adobe is pretty good about fixing these holes as fast as it can, but if you don't update right away for whatever reason, you're in trouble. And more and more vulnerabilities keep showing up. It's a bad scene.
Flash is irrelevant.
All this would be pretty bad news if Flash actually mattered, but here's the good news/punchline. It doesn't. Like barely at all.
Waaay back in the day, Flash (previously Macromedia Flash and then Shockwave Flash) could pull off some great tricks. The software traces its roots back 19 years, and chances are you remember when it was cool, either for watching little videos or playing bite-sized online games. Years ago, Flash was basically the way to do multimedia video and audio online.
But nothing gold can stay. Flash issued out its first dying screams when Steve Jobs made moves to keep Flash off of iOS devices in the early iPhone and iPad days. Some of it was political, but in an official statement Jobs really laid into Flash for sucking on a bunch of important practical fronts, security, performance, and battery life.
The avalanche of media outlets offering their content for Apple's mobile devices demonstrates that Flash is no longer necessary to watch video or consume any kind of web content.
At the time it was a little bit of a reach, but today? Totally true. A year after the Jobs decree, Adobe officially gave up on mobile Flash, throwing its weight behind HTML5 for phones and tablets and leaving Flash to cater to laptops and desktop. Support for it has been dropping ever since. Android gave up. So did the Unity game engine. YouTube introduced an HTML5 option, and then switched it to the default earlier this year. Unless you are still going to Newgrounds or something, Flash is pretty damn useless.
I first started toying around with disabling Flash while trying to make Chrome run faster. Even after I switched to Firefox, I've kept it disabled. I can barely think of a time I've missed it. Pop-up ads won't load (oh dear) and some particularly backwards proprietary video players will whine at you if they can't find it. That's it.