Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Is Adobe Flash Dangerous?

  1. Feb 3, 2017 #1
    Not a computer person, but a website I am interested in registering with requires Adobe Flash (along with Microsoft Edge browser and Java).

    I've seen warnings here and there about Flash being dangerous, but never looked into them from a technical perspective, nor followed up with those news bits (I just chose to never install it).

    Now, I'm in a position where I would need it for a site to work (although, I don't have to register with that site, as it's not essential for my life). Any idea if Flash (or those other programs I listed) are dangerous to use?

  2. jcsd
  3. Feb 3, 2017 #2


    User Avatar
    Gold Member

  4. Feb 3, 2017 #3


    Staff: Mentor

  5. Feb 3, 2017 #4
    Those technologies are being deprecated. They have many security flaws and even thought some browsers have removed support for them, Flash at least continues to release new versions which keep getting exploited time after time.

    Firefox was going to ditch the Java plugin by the end of 2016 and if I am not mistaking, we are in 2017 and it should be gone already.
    -Source: https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/

    Edge already ditched java at least for version 9. It doesn't support plugins at all:
    https://www.java.com/en/download/faq/win10_faq.xml [Broken]

    I leave this link here for the sake of completeness of the answer:
    (A list of vulnerabilities of Flash Player.)
    That being the case I'd avoid it.
    Last edited by a moderator: May 8, 2017
  6. Feb 4, 2017 #5
    It attacked me yesterday, with a knife!
  7. Feb 4, 2017 #6


    User Avatar
    Gold Member

    Flash technology was a monopoly for many years and as such it became target of various kinds of attacks. Now, while there were some good efforts to patch vulnerabilities as soon as they were getting discovered, there were many flaws in the software of the plugin itself and of course there is a fair share of responsibility for this, belonging to the companies that developed / maintain it. But I think that browser and other software vendors involved, have their fair amount of responsibility too, as they didn't like to adopt it, because of its monopoly state and this, in my opinion, is only partially justified. No one can deny its usefulness but it really ended up being a big unpatched vulnerability hole the recent years. Good thing is that HTML 5 specs have almost render it unneeded (not totally as of now) but there are still many websites utilizing it. Now, that said, if your OS is properly patched and you have firewall and anti-malware protection properly updated, I don't think that you run any big risk. But, as always correctly stated, the most important thing is what websites someone visits and what is doing there. After establishing this front line of defense, it is up to everyone to use the plugin or not.
  8. Feb 4, 2017 #7


    User Avatar
    Science Advisor
    Gold Member
    2017 Award

    You can install Flash and only enable it when you really need it. I leave it disabled most of the time. When a web site that I trust needs it, I enable it and reload the page. When I'm done, I usually disable it. Even ignoring the risk of Flash, it aborts and slows some web sites down so much that I hate using it.

    PS. I hope it goes without saying that you should make full use of an anti-malware software suite like Norton or McAfee.
  9. Feb 4, 2017 #8


    User Avatar
    Science Advisor

    My Firefox uses Shockwave Flash, rather than Adobe flash. It is set so that when something needs it, I get a prompt to turn it on just for the occasion.
  10. Feb 4, 2017 #9


    User Avatar

    It's odd that some government web sites still require flash...

    For example, I have to use... nap - ness application portal ... to update passwords for other .gov web sites...[COLOR=#black].[/COLOR] :oldeyes:

    And, it absolutely, positively will not work without flash... click the first hit in the Google link, or click the URL ...
    https://nap.nwcg.gov/NAP/# ... I guarantee you'll get a black page, if you don't enable flash.

    Same here, but I keep it disabled unless I know that I need it.

  11. Feb 5, 2017 #10


    User Avatar
    Science Advisor

    My setting is "ask to activate", which gives me the option I described.
  12. Feb 10, 2017 #11
    This is the best option if you really "must" use flash. Websites that support HTML5 usually auto-detect flash isn't available and run without it, or give you a link to access the HTML5 version. The major browsers are moving in the direction of defaulting to HTML5 when available, even if the flash plug-in is enabled.
    The tinfoil hat people run flash in a hardened VM whose state is cleared upon shutdown.
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?
Draft saved Draft deleted