There are few pieces of software that are as hated as Adobe Flash.
After a near 20-year history, Adobe Flash — a piece of code designed to let web browsers play things like videos, GIFs and animations — Flash remains most famous among ordinary users as the thing that crashes your computer and helps hackers.
Its reputation is not without merit. Over the last week, Adobe’s security team has had a tough time as hackers and members of the security community have found critical, “zero-day,” vulnerabilities in its Flash software at a near frenzied pace.
Zero-day vulnerabilities are flaws that are targeted by hackers before they are discovered by security professionals. Worse still for Adobe, evidence has also come to light proving hackers are actively targeting new Flash flaws.
Key campaigns targeting the new Adobe Flash flaws over the last fortnight include:
- A dodgy spam campaign targeting businesses with fake Adobe security alerts designed to spread malware.
- The return of an infamous “Wild Neutron” hacking gang, who according to Kaspersky Lab are using a mysterious, as yet undiscovered, Flash flaw to steal sensitive business data from Macbook and Windows users.
- And a fresh wave of automated cyber attacks working to spread a special form of blackmailing malware, known as ransomware.
This sea of flaws and attacks has reignited people’s hatred of the software — a fact showcased on Monday, when Facebook’s chief security officer, Alex Stamos tweeted that he wished Adobe would kill Flash so that websites don’t have to support it.
Mozilla added fuel to the fire on Tuesday when it announced it would automatically block the Flash Player from running in its Firefox web browser until Adobe sorted out its security.
Though Adobe has since made good with Firefox, releasing a patch fix plugging the holes Mozilla took issue with, the block was a significant blow to Flash. About 16% of people use Firefox to browse the web, the world’s third-most-popular browser according to StatCounter.
Microsoft’s Internet Explorer controls an 18% share of the market while Google’s Chrome browser takes the spot with a staggering 50% share.
They all use Flash. The Firefox move led to hopes Mozilla and other web browser providers may take Stamos’ advice and permanently block Flash.
You can’t always get what you want
Despite the backlash, most browser providers still plan on supporting Flash.
A Mozilla spokesperson told Business Insider the company will continue supporting the updated version of Flash, and that the firm has “nothing to add for the moment,” regarding its long-term plans.
A Microsoft spokesperson was more direct, telling Business Insider the firm plans to continue supporting Flash for the foreseeable future. “We are working with Adobe to include a version of Flash optimised for Microsoft Edge. This optimised Flash component will be shipped as part of Windows 10 and will be serviced through Windows Update as Flash currently does in Windows 8 and 8.1,” said he spokesperson.
Google declined to directly comment on its Flash plans, telling Business Insider it doesn’t comment on speculation, indicating it won’t cut support for the software anytime soon.
Why Flash won’t die
Answering the question of why browser providers seem hell bent on continuing to support Flash is difficult. One Business Insider reader came close to hitting the nail on the head when he commented:
… The fact that it still exists is a monument to inertia, self-preservation, and politics in IT.
James Lyne a director at the secutiy institute SANS and global head of research at Sophos, has a similar theory about Flash’s survival. Lyne told Business Insider one of the only reasons Flash is still so widely supported by web browsers is its age and place in IT history.
“Flash has a long legacy for use in producing certain types of media and players. Years ago it was really the only show in town if you wanted to produce certain types of animation, interactive content or streaming video,” he said.
“Today with modern browsers and standards, particularly HTML5 it has less clear delivery value. Even Adobe has admitted that Flash is a dead end, but it sticks around for legacy purposes.”
HTML5 is a core technology of the Internet and is becoming the coding language of choice for many developers when creating webpages and smartphone and tablet applications.
Big name companies like Google and Mozilla have listed HTML5 as “the future of the internet.”
Kaspersky Lab principal security researcher, David Emm agreed, adding Flash ongoing existence is due to the fact it has been around so long it has become the default software for many sites and for the moment, is too big to fail.
“I think it comes down to the fact that it’s installed on many computers by default and people tend not to think about it until there’s a well-publicised problem,” he told Business Insider.
“While some popular websites are already replacing Flash with the HTML5 technology (e.g. YouTube), some others still rely on Flash, forcing users to enable/install Flash Player in their browsers to be able to see the content.”
The security experts are hardly alone in their belief. Outside of web browsing, many companies, government departments, and educational institutions have online products and services that are built on Flash — products they would have to invest time and money recreating were tech companies to kill Flash completely.
With all this in mind, it seems unlikely Adobe Flash will be laid to rest any time soon.