• Is disabling Flash not enough?

    UPDATE: Starting in October, Google Chrome will not show Flash objects unless you specifically click to show your acceptance. If a site offers both HTML5 and Flash, the HTML5 will always run, not the Flash, by default. More details on the F-Secure site.

    Good question from WH:

    In your 20:19, May 10, 2016, post on AskWoody.com, you have the following:

    “The Adobe zero-day is with Flash. Lesson: Don’t use Flash. (Does that sound familiar, too?)”

    My default browser is Firefox. I use NoScript also. I think it is NoScript that prevents Adobe Flash Player from being run automatically. Any time a web site wants to use Flash, I have to explicitly click to activate it.

    It seems that MANY web sites require activation of Flash to view at least some of their content.

    When you recommend third-party updates (e.g., Randy the Professor) to programs such as Flash, I update it. Is that not enough?

    If you say we shouldn’t use Flash, but we want to view the content web sites offer, what is the alternative to Flash?

    Sadly, there is no alternative to Flash. Sadly, some web sites still require it, after years and years of complaints. If you hit a site that requires Flash, find a different site! The people who control the site obviously don’t give a harry rat’s patoutie about you. Write to them and complain!

    If you have to use Flash on some sites, I suggest you pick just one browser and arm it with something like NoScript, which will block Flash unless you specifically allow it. I use Edge (don’t shoot me!), because it’s easy to switch Flash on and off. I never, ever venture out into the real world with an armed version of Flash exposed to the web. Life’s too short.

    Internet Explorer, Flash and Adobe Reader have been the leading source of Windows infections for many years.