Will Flash Be The Death Of Your Network?

Even though the technology in question has been controversial over the last couple of years, Flash still remains one of the most popular computer platforms around. Some people think that it is only still around because it is a default plugin in Windows based operating systems but that is not entirely true. While competing technologies such as JavaScript mixed with HTML offers a better experience today than it did before, Flash is still able to do things that these technologies cannot. People are hoping that HTML 5 and JavaScript along with CSS 3 will be able to take on Flash but right now there are just some things it is better at.


You will hear a lot of reasons why people do not like the Flash platform. Most of the reasons stated are due to third party developers implementing the technology in a poor manner. But the one thing that the Flash platform is guilty of, in my opinion, is security issues. There have been plenty of problems reported when it came to security due to Flash. And that is what this article is about. I do not hate Flash as a platform but I believe there are some things that the creators of the technology can do to make the program safer.

The problems with Flash

Of course as I said earlier in the article there are people who would name a bunch of different things that are wrong with Flash. But the main problem with Flash when it comes to security is that its runtime over the years has gotten more and more powerful. You might be asking yourself right now what is a run time? When Flash was presented to the public many years ago it was just a way to make vector animation on a browser. You would be able to easily make different objects fly around on the screen. At the time this was considered revolutionary. But to be able to pull this off you would need a plugin in to the browser. This plugin is known as a run time. It is the engine that makes the Flash animation move. That is why for the most part the Flash does not play outside of the player. The player is the housing for the run time and that is needed to be able to do all of the neat things that Flash does.

The problem started when at the time Macromedia, but now Adobe, decided that Flash could become a powerful platform. They wanted to give the developers of Flash the ability to be able to do more than just animation. They wanted the developers to be able to create fully fledged applications with the Flash run time. So to do this they gave it a scripting language. They also gave the run time a lot more abilities than it had before. Before where you could only just create animation, now you could access the files on a local computer, send input/output calls to other web servers, play video, and a host of other things. The creators of Flash could now tempt real developers from competing languages like Java, PHP, C# and others to come over to their platform.

The problem with giving the tools all of that ability is that now black hat hackers had another web entrance to your computer. The internet is the number one way to get an attack vector to a victim’s computer. No matter if it is through email, an infested web site, or a bad link on a social network, the internet is how 99% of malware is delivered. With the Flash runtime gaining all of these new abilities now black hat hackers had a new way through the internet to deliver their warez. Instead of just worry about weak JavaScript, now site owners had to worry about Flash as well. And you better believe that Flash has been used in some major attacks. One of the worst attacks that used the Flash technology was through the use of ad networks. Flash is the number one technology when it comes to advertising on the web. You can see that when you do a daily web surf. Some hacker figured out how to serve malware through Flash on several of the ad networks. And since Flash had all of these new abilities, the attack was able to affect your computer in a serious ways by installing a fake antivirus script that would pretend as if they were helping you stop an attack on your computer. Of course it wasn’t and instead was itself installing malware.

While Flash has gotten better on the security front, there is still a long way to go before the problem is considered solved. Some of the major holes in browsers even today is through the Flash run time. So, if you are running a network at a business, it might be a good idea to disallow Flash. Even though 99% of the time it is safe it might be better to be safe than sorry.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind