Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Amazon dumps Flash, and the Web is better off

Maria Korolov | Aug. 31, 2015
Amazon will stop accepting Flash ads on its advertising network Tuesday

"However Flash should not be relied upon anymore as a popular method of providing dynamic content to users," he said.

On the other hand, Amazon is a relatively small player in the advertising industry, said Anup Ghosh, founder and CEO at Fairvax, Vir.-based security firm Invincea, Inc.

And Flash did survive Apple declaring it persona non-grata on Apple devices, he added.

"Flash is still used extensively on Web pages beyond advertising, including most of the active content and videos we see on Web pages today," he said. "So Flash exploits probably won't be stopping anytime soon, though seeing it go away from advertising would be a positive step."

Other troubled Web technologies, like Java, are also still around, said Kowsik Guruswamy, CTO at Menlo Park, Calif.-based Menlo Security. It make take years before all the Flash content is gone from the Internet.

Franklyn Jones, CMO at Los Gatos, Calif.-based Spikes Security, suggested that eliminating Flash completely would negatively impact users -- and maybe a different solution can be found.

"It’s understandable why Flash content is getting a bad rap," he said. "But perhaps a better option is to find a way to securely render and isolate Flash content to eliminate the threats but preserve the experience."

A more secure Web

According to Invincea data, the majority of malvertising attacks today take advantage of Flash-based exploits, said Ghosh.

Flash exploits are cyber criminals' favorite tool for drive-by malware downloads and malvertising, said Malwarebytes' Kujawa.

"Removing this insecure technology that makes that possible from the equation will make a huge difference and reduce attacks by a significant amount," he said.

Criminals will then go on to find new ways to attack people, he added.

"But at least, if Flash was phased out, we would be able to breathe a little easier knowing that a huge vulnerability was taken care of," he said.

The industry is moving away from browser plugins like Flash, said Amol Sarwate, head of vulnerability management at Redwood Shores, CA-based Qualys, Inc.

"Traditionally, browser plugins had numerous problems including security, no sandboxing, cross-platform and stability issues, and I believe the web could be more secure with open standards," he said.

The use of HTML, JavaScript and mobile app development platforms to serve as user interfaces is growing, said Ben Johnson, chief security strategist at Waltham, Massachusetts-based Bit9, Inc.

"Disabling the ability to run dynamic Flash applications on the majority of systems will absolutely make the Web safer," he added. "Flash and Java have been significant sources of exploitation and compromise over the past few years. Flash makes it easy for attackers to cast a wide net against targets of opportunity."

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.