Firefox Security Warnings About Flash Get Results - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Infrastructure // PC & Servers
01:47 PM
Connect Directly

Firefox Security Warnings About Flash Get Results

By warning users that they're using out-of-date plug-ins, Mozilla's Firefox is helping to immunize the online community from malware contagion.

Usually, when computer hardware and software companies point out security vulnerabilities in the products of a competitor, there's a marketing goal: appearing to be more secure than the competition. Such is aim of Apple's advertising, which makes frequent reference to the viruses that can affect Windows PCs.

But in keeping with a trend to encourage community cooperation to combat malware, Mozilla recently began advising users to update Adobe's Flash software following a Firefox security update. While one could argue this represents a subtle attempt to discredit Flash and boost the appeal of HTML 5 video, which works in Firefox 3.5 without a third-party plug-in, a more charitable interpretation is that Mozilla is providing a genuine service to the community by helping to close a major vector for malware infection.

By helping to fix vulnerabilities in third-party software, Mozilla is making online life better for everyone. That's because infected computers aren't merely a problem for their owners. Infected computers affect everyone, by becoming bots that send spam and spread viruses.

The results are impressive. In the past week, the update notification page, displayed following upgrades to Firefox 3.5.3 and Firefox 3.0.14, has prompted over 10 million users to click on the Flash update link and install the most recent version of Flash. Assuming most of these people followed through and installed the update, that's a substantial reduction of the risk that 10 million computers could become infected with malware.

In a blog post on Wednesday, Ken Kovash, Mozilla's manager of analytics, notes that the click-through rate for this page is more than 30%, five times higher than it is typically. It turns out there are a lot of people out there with vulnerable versions of Flash, not to mention other software.

According to Adobe, 99% of desktop Internet users have Flash installed. And according to Mozilla's Internet traffic statistics, at least 75% of Flash users aren't using the more current version. While it may seem obsessive to worry about keeping one's software updated, failure to do so leaves one open to cyber attack.

The recent Top Cyber Security Risks Report singles out Adobe Flash, which accounts for four of the Top 30 vulnerabilities in the first half of 2009, as a source of ongoing problems.

"Flash presents additional challenges: It does not have its automatic update mechanism and one needs to patch Internet Explorer in a separate step from other browsers," the report states. "For users that have more than one browser installed, it is quite easy to forget to completely close Flash vulnerabilities and continue to be unwillingly vulnerable."

Mozilla plans to extend its alert system to other plug-ins. In a post on the Mozilla security blog, Jonathan Nightingale explains, "We're working to roll other plug-ins into our web-based checking, and the Firefox team is also building an integrated check that will let you know whenever a site you visit is trying to use an outdated plug-in (more on that soon). This is just the beginning."

InformationWeek has published an in-depth report on smartphone security. Download the report here (registration required).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll