Amazon will stop accepting Flash ads on its advertising network on Tuesday, and it will help make the entire Web more secure, security experts say.
According to Amazon, the move was prompted by a recent update from Google Chrome that limited how Flash was displayed on Web pages. Mozilla Firefox and Apple Safari already had similar limitations in place.
"his change ensures customers continue to have a positive, consistent experience on Amazon, and that ads displayed across the site function properly for optimal performance," the company said in its announcement.
Bad, bad Flash
By enabling games and streaming videos, Flash revolutionized browser-based content, said Adam Kujawa, head of malware intelligence at San Jose, Calif.-based Malwarebytes Corp.
"However, over the last few years, the biggest thing Flash has been known for is its use by cyber criminals to infect users with malware," he said. "Flash exploits are one of the most commonly used tools that the bad guys use to trick your browser into downloading and installing malicious software."
The exploits mostly target old, out-of-date versions of Flash, he admitted -- but those are also the versions that are mostly commonly installed.
In particular, advertising networks have proven to be vulnerable to Flash-based malware.
"Flash advertisements are the primary method in which attacks like malvertising are able to work," he said.
Attackers either buy advertising space legitimately or via stolen credit cards numbers, or infiltrate the networks through other channels, and then create ads that exploit Flash vulnerabilities to install malware on user computers, or send users to malicious sites.
Ad networks get blamed for failing to protect users, he said.
"It would be in the best interest of the ad networks to no longer support the user of Flash based advertisements," he said.
But it's not just about security, added Tim Erlin, director of IT security and risk strategy at Portland, OR-based Tripwire, Inc. It's about the bottom line for the ad networks, as well.
"With more and more users disabling Flash or using a ‘click-to-play’ setting in their browser, Flash-based ads simply aren’t being seen as effectively," he said.
"After all, who specifically enables Flash to view a banner ad?"
Is this the end, my friend?
Many of the features formerly only available via the Flash plugin, like animated graphics, are now part of HTML 5, said Kujawa.
"Flash is becoming obsolete," he said. "This new technology can do everything that Flash can, without the risk of infection or the requirement for users to use browser extensions and plugins that need to be updated."
Flash probably won't go away entirely, he said, and will continue to be used to support older applications that haven't been ported over to HTML 5.
Sign up for CIO Asia eNewsletters.