Friday, November 13, 2009

Why Flash is like booze

One of the most loved and hated pieces of code on the internet today is the Adobe Flash player.

It's thanks to the power that this browser plug-in provides, that services such as YouTube and many others have flourished.

Flash has delivered web designers with a rich ability to create vivid multi-media displays on webpages and also deliver hitherto unattainable levels of interactivity between the page and the person reading it.

Unfortunately, as is so often the case with such complex pieces of software, Flash is not without its problems.

The first problem is what some see as the blatant over-use of this system. Whenever you see irritating ads that immediately start playing video (sometimes with an embarrassing or irritating level of sound), chances are that Flash is doing the work.

What's more, the bulk of those distracting, garish, eye-catching, annoying highly-animated banner ads are also delivered through the Flash player that is part of most browser setups.

However, more recently there has been an even more sinister side to Flash -- and that's the discovery of nasty security holes that make every website using Flash a potential booby-trap for unsuspecting websurfers.

The latest Flash security hole has been described as "huge" by at least one security expert.

The flaw has the potential to affect any website that uses a Flash applet to allow the upload of files. This would include sites such as GMail and YouTube, both of which rely on Flash applications to perform intelligent upload operations. Fortunately these companies have already taken great care to try and mitigate the problem.

However, by uploading their own carefully crafted malevolent Flash applications to less well administered sites, hackers could effectively then deliver those packages to other unsuspecting internet users with Flash-enabled browsers.

Adobe says that the flaw is not patchable and that the responsibility for ensuring that it can't be exploited lies with the website operators themselves.

In an amusing twist of irony, at least one media outlet is reporting that some of Adobe's own websites are themselves suffering from this very Flash-induced vulnerability.

This leaves the average Web-user in a bit of a quandry.

The only guaranteed way to avoid exposing themselves to the very clear and present danger associated with Flash right now is to uninstall the plug-in itself -- but that would leave many websites that rely solely on Flash for navigation, unusable.

Another option is to install a Flashbocking plug-in so that visitors to an untrusted page can select for themselves whether they enable Flash on an applet by applet basis.

No doubt this latest revelation will again rekindle the debate as to whether Flash has been grossly over-used and abused by webdesigners, something which certainly seems to be the case when so many websites rely totally on Flash applets with no alternative means of navigation.

Even NZ's Official Lotto website falls into this category.

Fortunately, with HTML 5.0 ready for the big-time, Flash may be almost reaching its use-by date and this proprietary system (complete with its security holes) may well fade into oblivion, from where some claim it should never have emerged in the first place.

The truth is that Flash is like alcohol... a little bit of it can make life more fun and does no harm. Over-use however, can lead to a whole bag of misery for all concerned.

No comments:

Post a Comment