Â鶹ÒùÔº

`It is a year since I last wrote about Adobe Flash and why everyone should stop using it. Since then, the leaks from the hack of the mass surveillance company HackingTeam have three serious bugs (called ) bugs) in Flash that they were exploiting to take over victims' machines. It is likely that more Flash vulnerabilities will be revealed as security researchers work through the documents the hackers removed from the HackingTeam.

The leaked exploits have already in hacking toolkits and are presumably already being used on the general public.

Since these bugs have come to light, both Mozilla and Google have various versions of Flash from running on their browsers. Other are removing Flash from installs on new computers.

The momentum behind the to rid the web entirely of Flash has picked up with the Facebook's Chief Security Officer Alex Stamos :

It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.

The reality is, there really is no reason for Flash to still exist or be supported by modern browsers. Steve Jobs this point in 2010. Unfortunately, the reason that it still persists is because Adobe still makes money from it, a large number of people can't be bothered changing how they produce their ads and websites and an even larger number of people are still running versions of software that is too old to run the modern replacement for Flash, HTML 5. The latter group probably also can be split into those who can't be bothered to upgrade and those who can't afford to.

One has to believe that Flash has become a huge liability for Adobe. Being known as a company enabling a large part of the Internet's security problems is not good reputationally. However, Flash is still a part of its product suite and so it seems that any moves to abandon it won't come from Adobe voluntarily.

Usage is decreasing, albeit not fast enough. Flash is still on around 11% of websites. This is down 2 - 3% from a year ago.

The environment has changed however, even from a year ago. Mobile is rapidly the dominant platform for accessing the Internet and these devices don't run Flash. More importantly, the pervasiveness of government surveillance and cyber-crime in general has become all too apparent, even to the general public.

Whilst, surveillance by our own governments may not impact everyone, cyber-crime has become so prevalent that the public is becoming more . This is being helped in part by companies making security and privacy a bigger part of what they do and simplifying access protection with mechanisms like fingerprint recognition on mobile devices.

Another factor is that Flash use is tightly coupled with how annoying and intrusive ads are displayed on websites. Removing Flash may be an inconvenience for accessing a small amount of functionality, but users actively removing and blocking ads has become much more common. As more ads get blocked, the incentives for advertisers to use Flash to create web ads diminishes significantly.

If you do want to remove Flash, and as a security measure, it is really to at least limit its use, there are a number of to disable it temporarily or permanently. An added benefit from removing Flash is that you won't have constant messages asking to update it as daily security flaws are discovered and fixed by Adobe.