The Adobe Flash Player plug-in for web browsers such as Internet Explorer, Firefox or Chrome has become indispensable. It works as a playback system for graphics and videos on the Internet and can also stream audio and video content. With this functionality, which has been developed over many years, Adobe has achieved a certain supremacy with the Flash Player, which cannot be replaced by alternative solutions from other manufacturers. This monopoly position of the software solution and its widespread use inevitably attract hackers and cybercriminals who try to target Flash Player as the preferred target.
In the early weeks of 2015, attacks reached a new high in Flash’s “dark” history. During this period of time, several different security gaps were discovered in Flash and only patched with great effort. For security reasons, the manufacturer Adobe itself recommended deactivating the Flash Player until a suitable patch could close the security gaps.
The problem with Flash Player is that both Microsoft Internet Explorer and Google Chrome have Flash integrated by default. However, there are also alternatives, such as the Mozilla Firefox browser, which is delivered without a pre-installed Flash plug-in. But Flash has existed for so long that it has established itself as a quasi-web standard and countless websites no longer work properly without Flash.
Use Adobe Flash safely
Nonetheless, you can take precautions to minimize the risks and still use Flash widely. The most important one is to keep Adobe Flash up to date. Other options would be to completely deactivate the software in the corresponding browsers or to only activate the “Flash function” when required. We have worked out small how-to guides for the most common browsers such as Internet Explorer, Firefox and Chrome:
Disable Adobe Flash under Internet Explorer or use click-to-play function
These instructions apply to Microsoft Internet Explorer 11. A Windows 7-based platform serves as the substructure. Unlike Chrome or Firefox, Internet Explorer doesn’t have a dedicated click-to-play feature. With this browser, however, a little trick helps as an alternative to simply deactivating Flash.
-
Click on the gear icon that can be found on the far right of the address bar.
-
Enable the Manage add-ons option in the expanded menu window.
-
Under the enabled Add-On Types / Toolbars and Extensions entry on the right pane, look for the Shockwave Flash Object entry.
-
Use the left mouse button to select the appropriate Shockwave Flash Object.
-
The details of the plug-in are now listed in the lower pane. The Enable/Disable button is also on the right.
-
If you only want Flash to be activated on a website when prompted, click the Currently loaded add-ons button under Ads.
-
Enable the Run without permission option.
-
Right-click Shockwave Flash Object. A menu window opens.
-
Activate the entry Further information with a mouse click.
-
In the Shockwave Flash object information window that opens, click the Remove All Sites button. All entries will be deleted. Now the Flash plug-in will ask the selected webpage once (provided it is enabled) to allow the add-on to run. If so, the website will be saved. A new query after running the add-on is then no longer carried out, unless the entries are all deleted beforehand.
Disable Adobe Flash in Firefox or use the click-to-play function
This guide applies to Mozilla Firefox 35.0.1. As with Internet Explorer, a Windows 7 platform is used as the substructure.
-
Click on the three line icon found on the far right of the address bar.
-
Activate the Add-ons option in the opened menu window.
-
Under the Plugins entry on the left, look for the Shockwave Flash entry on the right panel.
-
With the left mouse button click on the button of the corresponding entry.
-
A selection window opens with three options: Ask whether you want to activate, always activate and never activate. The first entry equates to the click-to-play feature.
-
If the Ask whether to activate option cannot be activated, it must first be activated.
-
To do this, enter the command sequence about:config in the Firefox address bar and confirm this entry and the warranty notice that may follow with the return key.
-
In the upper search field under Search: enter the term click_to_play. It should now be plugins.click_to_play as the only term in the search window.
-
If the value entry of the plug-in is true, the click-to-play function is activated or deactivated if the value is false. Attention: The changes can only be used after restarting Firefox.
Disable Adobe Flash in Chrome or use click-to-play function
These instructions apply to the Google Chrome 40.0 web browser. A current Windows 7-based computer serves as the substructure.
-
Type chrome:plugins in the Chrome browser address bar to go to the plugins overview page.
-
In the Plug-ins window, locate Adobe Flash Player.
-
To disable Adobe Flash Player, click the Disable link. The plug-in will then be greyed out.
-
To enable Adobe Flash Player, click the Enable link. The plug-in will then be highlighted in white.
-
You can access the click-to-play function as follows:
-
Click on the menu button at the top right of the browser and activate the Settings menu button.
-
On the Settings page that opens, enter the text Click-to-Play in the Find Settings field.
-
Follow the yellow marker to Content Settings…/ Plugins and enable the Click-to-Play option. You can also choose to run or block the Flash plug-in automatically here.
Conclusion and Outlook
Adobe Flash has been a target for hackers in the past and will continue to be so. Because the installed base is simply very large and therefore a worthwhile target for cyber criminals. However, certain precautions can be taken to minimize the security risk and make work more difficult for attackers. This allows the user to do without Flash altogether or to manually enable Flash on any website using the click-to-play function.
on AdobeFlash it is almost impossible to do without at the moment. Because many websites and web-based management platforms still work explicitly with it. But in the long term, Flash usage will certainly decline. For example, since 2012 there has been no Flash support for Google’s Android operating system, and Apple has left the software on its iOS devices from the start. Due to the rapid growth of mobile technologies in recent years, it is not surprising that many websites are already turning away from Flash and relying on HTML5 instead – and the trend is increasing. (hal)
