Adobe Flash Failure Shows Plug-Ins Are Obsolete - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
Commentary
7/15/2015
04:01 PM
Larry Loeb
Larry Loeb
Commentary
100%
0%

Adobe Flash Failure Shows Plug-Ins Are Obsolete

This week's Flash failure also illustrates why plug-ins need to go. One solution to all of this is HTML5.

HTML5: 10 Tips That Will Change Your Life
HTML5: 10 Tips That Will Change Your Life
(Click image for larger view and slideshow.)

This week's security theater woes surrounding Adobe's Flash platform have exposed an underlying problem affecting all browsers. The problem is that browsers use plug-ins in the first place.

The impetus for the use of plug-ins -- the kind that execute on websites, in contrast to browser extensions -- can be laid at the feet of Microsoft. About 15 years ago, Internet Explorer 6 and Windows XP were kings in the PC universe.

Microsoft had won.

Of course, Redmond stopped developing and improving IE6. A minor improvement in the form of IE7 took five years to show up.

IE8 -- another small improvement -- took them another three years.

Internet Explorer 6 was limited in what it could do. It really couldn't handle embedded data types other than static text. That deficiency created an opening for others to fill.

Adobe did best to fill the void with Flash. Flash allowed video and animations to be shown from a website. It was a cross-platform solution that users liked.

(Image: SeanShot/iStockphoto)

(Image: SeanShot/iStockphoto)

But if every user, no matter their machine or operating system, is running the same Flash player, that makes it a great attack surface that is inherently cross-platform.

Not all plug-ins will run on all operating systems.

Silverlight currently powers Netflix, though they have stated they are moving to HTML5. If you have a Linux box and want to look at Netflix, you are out of luck. Microsoft doesn't make a Linux Silverlight plug-in. If the plug-in writer has some exclusionary goal in mind, that can be accomplished by not porting that plug-in to a specific OS.

[Want to learn Web programming? Check out these 10 sites. ]

Plug-ins generally use Netscape Plugin Application Programming Interface (NPAPI) to communicate with the host browser. Like its alternative (ActiveX), it was not developed with security in mind. These APIs are not sandboxed, which implies isolating the running program thread from the system. This means that if attackers can break through the plug-in, then they can get access to everything else.

Mozilla admits that plug-ins are a legacy technology.

Further showing how far plug-ins have fallen out of favor as a technique, they haven't made it to mobile operating systems. The two most popular, Android and iOS, do not make use of them.

So, how can plug-ins be eliminated?

Most will admit that they are both a security and maintenance problem.

The full answer may come from the Web itself.

Web standards are evolving at a much faster rate than they were in 2001. HTML5 is coming along nicely, and has the functionality to replace Flash. HTML5 is extending itself to allow data protection of the viewed images through encrypted media extensions that allow a key exchange to enable viewing.

While it is tempting for some just to trash Flash, that is only a partial, knee-jerk reaction. True progress will come when content consumers demand better from those who create Web tools.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
nomii
50%
50%
nomii,
User Rank: Ninja
8/14/2015 | 2:17:40 AM
Re: Adobe flash
@Yogalnside agree with you but what is other option if no adobe flash.
YogaInside
50%
50%
YogaInside,
User Rank: Apprentice
8/12/2015 | 5:05:03 AM
Adobe flash
Very good ! The flash has become too outdated
larryloeb
50%
50%
larryloeb,
User Rank: Author
7/18/2015 | 7:10:00 AM
Re: You're wrong about netflix and linux
I quite agree with your asessment.
larryloeb
50%
50%
larryloeb,
User Rank: Author
7/18/2015 | 7:09:32 AM
Re: You're wrong about netflix and linux
Players should be embedded.

Some extensions will always be needed; but they should be sandboxed.
PedroGonzales
50%
50%
PedroGonzales,
User Rank: Ninja
7/17/2015 | 11:40:15 PM
Re: You're wrong about netflix and linux
I think HTML 5 has the best capabilities to overtake flash and tackle the weaknesses of current Plug -in.  In addition, they are very annoying. I remerber abobe flash will sometimes crash.  With all the different plugin one had to install it was difficult to keep up.  Those vendors who do not support HTML5 by now will really fall behind.
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
7/17/2015 | 8:34:53 PM
Re: You're wrong about netflix and linux
Everything should just be embedded into browsers at this point. 

I remember when Google first embedded Flash into Chrome. I thought it was a smart decision, and showed serious progression in browsers. Now, it's time to just get rid of it, and use HTML5 instead. 
larryloeb
50%
50%
larryloeb,
User Rank: Author
7/16/2015 | 8:51:01 AM
Re: For now, it looks like we're stuck with Flash
You can use the newest version of Firefox without Flash, as I said in another reply.

Firefox also has a page on Mozilla.org that will check the update status of all of your plug-ins. I find that hugely useful.
larryloeb
50%
50%
larryloeb,
User Rank: Author
7/16/2015 | 8:47:42 AM
Re: For now, it looks like we're stuck with Flash
Firefox disabled Flash by default in its latest relese just becuase of these kinds of problems.

You can re-enable it if you must, but it's an opt-in.
larryloeb
50%
50%
larryloeb,
User Rank: Author
7/16/2015 | 8:45:35 AM
Re: You're wrong about netflix and linux
I should have been more explicit in that sentence that I was talking about past situations.

But the point remains the same: HTML5 can replace Flash's functionality. It took Chrome (which does have a sandboxed API,btw) to make it happen; but happen it did.
MaddieP
50%
50%
MaddieP,
User Rank: Apprentice
7/16/2015 | 7:47:16 AM
Re: You're wrong about netflix and linux
I agree, I check it cause it wasn't possible, but it is. Thanks !
Page 1 / 2   >   >>
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll