UPDATED 09:10 EST / MARCH 13 2013

NEWS

Microsoft Brings Back Flash: Should We Be Worried?

This week saw a big reversal from Microsoft as it rolled out a fresh update for the Windows 8 and RT versions of Internet Explorer 10, enabling Flash content to run by default for the first time. According to Microsoft, the move will ensure that websites “just work”, vastly improving the Windows experience for its customers.

Microsoft explains the changes in depth on its official IE10 blog, but the nuts and bolts are that from now on, Flash will run as default within the Windows 8 and Windows RT “Metro” environment for all sites that are not on a designated “Compatibility View” list. Meanwhile, the Windows 8 desktop version of Internet Explorer will have Flash enabled for all sites, while the RT desktop version will be subject to the same restrictions as the Metro-style browser.

Looks Flashy, But Is It Worth It?

 

Microsoft’s decision will have an impact in two key areas – on the one hand, allowing Flash to run by default will enhance usability, but on the other hand it could lead to an increased security risk.

The usability side is simple enough. It means that those running Windows 8 devices will be able to play Flash-based games and view Flash websites without any inconveniences like before. But from the security side of things, questions will be asked about how secure Internet Explorer is against the numerous Flash vulnerabilities that pop up.

To try and address this, Microsoft has essentially flip-flopped its security protocols, doing away with its previous blacklist of sites running Flash, and instead created a whitelist of approved sites that can safely run on IE 10. As such, those sites which fail to meet Microsoft’s criteria for security, usability and reliability will automatically be blocked – either not running at all (on Windows RT) or displaying an ugly error message (on Windows 8).

“As a practical matter, the primary device you walk around with should give you access to all the Web content on the sites you rely on,” explains Microsoft’s Rob Mauceri.

“Otherwise, the device is just a companion to a PC. Because some popular Web sites require Adobe Flash and do not offer HTML5 alternatives, Adobe and Microsoft continue to work together closely to deliver a Flash Player optimized for the Windows experience.”

Optimized it may be, but this doesn’t change the fact that Flash is known for being open to various vulnerabilities. Flash might not be targeted as frequently as Oracle’s Java, but Adobe is nevertheless constantly issuing patches to stave off attacks, which means that IE 10 will also need to be patched whenever Flash is. The danger is that Internet Explorer is the most obvious gateway into any PC running Windows, and Flash’s security seems to be in a constant state of flux.

However, Microsoft has been quick to dispel fears about Flash’s security, insisting that these have been addressed:

“Adobe and Microsoft have worked closely together for some time to address security and reliability issues, sharing best practices like the SDL and ASLR as well as information on hangs and crashes. We are also working together on accessibility, manageability, and privacy. Flash updates with the Windows Update mechanism to distribute security updates from Adobe to meet expectations of Windows customers with regard to security updates and delivery of those updates.”


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU