Skip to main content
C
Chuck5CE3
Participant
January 14, 2021
Answered

Blocking Flash

  • January 14, 2021
  • 3 replies
  • 458 views

I am VERY disappointed at your decision to BLOCK Flash Player from running.

This is not a complaint about EOL-ing Flash, or discontinuing support.  That eventually happens to all programs.  There are lots of understandable reasons why "Jar Jar" must die 🙂

But this is the first time in my recollection that a working program was essentially REMOVED from my computer without my permission.  Here's my issue:

I have a wireless security camera.  It only knows how to work in Flash.  Tuesday, mid day, it just QUIT.  It was open in my browser (Chrome) and working, and then it stopped.

For all intents and purposes, Adobe came to my house, ripped the camera off the wall and threw it in the trash without permission or compensation.  Now I have to buy a new camera and install it at a cost of about $100.  Please send me a check.

I have a 1979 Apple 2 that still works.  I have a 386 running Win 3.1 that still works.  I have an old Vista machine in my shop that still works (barely), but it has a few programs on it that won't run on Win10.  The point is, all those old, obsolete, unsupported programs STILL RUN!!!  I understand the problems with Flash Player, I just want it to keep running.  I don't expect and support, just don't BLOCK it!  I'm willing to take the risks involved.  I just need my camera back.

    This topic has been closed for replies.
    Correct answer jeromiec83223024

    The difference is that neither your 1979 Apple 2 or your Win 3.1 machine are connected to the Internet. 

     

    I used to use epidemiology analogies to explain this issue, but if 2020 has taught me nothing, it's that we don't have a universal grasp on those concepts.

     

    When viewed individually, disabling Flash Player is annoying.  When you view it in the context of the larger ecosystem, disabling by default it is a no-brainer. 

     

    Flash Player is one of the few pieces of software on your computer that's tasked with processing fundamentally untrusted content. 

     

    The biggest problem anyone had to worry about in 1979 was Tom Cruise Matthew Broderick and a 120bps modem with an Acoustic Coupler hooked to a rotary phone.  In 2020, we have thousands of experts working diligently for both state-sponsored agencies and organized crime, creating and deploying malware for various reasons.  That work product includes a global infrastructure for detecting vulnerabilities, exploiting them, and deploying malware en masse for various economic and strategic ends.

     

    Because we're primarily tasked with processing fundamentally untrusted content, much of the work that we do on Flash Player is about keeping up with the latest academic security research and intelligence about what attackers do in the field.  Security is not static, and we're continually improving our security stance.  That work has stopped, and at some point, that automatic vulnerability and exploitation infrastructure will catch up.  Again, when viewed as an individual, having your identity stolen (or having a missile lobbed in your general direction) is a personal tragedy, but when viewed across the billions of existing installations, disabling Flash by default is necessary for the health of the Internet at large.

     

    In that vein, it's not just Adobe removing Flash that's in play.  All of the major browser vendors are removing support for browser plug-ins across the board.  Even if you had a working Flash Player, you'll be hard-pressed to find a browser that will continue to run it. 

     

    We do have some mechanisms available for enterprise users and archivalists, but we expect those people to have the expertise and resources necessary to secure those installations.  Long-term technology archival is a huge and complex topic, but there are well-known industry methodologies available for creating and running legacy operating systems and software on modern hardware in a way that's both secure and viable long-term.  


    Those topics are well beyond the scope of what we're going to advise on here, and well beyond the capability of the average non-techincal user. 

     

    The bottom line is that your camera vendor has had three years to produce an update to resolve the dependency on Flash Player.  Assuming that your cameras or DVR have the ability to take software updates, the decision to either produce or not produce an update to remove Flash dependencies (this is totally doable) is theirs.  It's possible that there's a firmware update already available.  It's definitely worth reaching out to their support people about.

     

    https://theblog.adobe.com/adobe-flash-update/

    3 replies

    jeromiec83223024
    Community Manager
    jeromiec83223024Community ManagerCorrect answer
    Community Manager
    January 14, 2021

    The difference is that neither your 1979 Apple 2 or your Win 3.1 machine are connected to the Internet. 

     

    I used to use epidemiology analogies to explain this issue, but if 2020 has taught me nothing, it's that we don't have a universal grasp on those concepts.

     

    When viewed individually, disabling Flash Player is annoying.  When you view it in the context of the larger ecosystem, disabling by default it is a no-brainer. 

     

    Flash Player is one of the few pieces of software on your computer that's tasked with processing fundamentally untrusted content. 

     

    The biggest problem anyone had to worry about in 1979 was Tom Cruise Matthew Broderick and a 120bps modem with an Acoustic Coupler hooked to a rotary phone.  In 2020, we have thousands of experts working diligently for both state-sponsored agencies and organized crime, creating and deploying malware for various reasons.  That work product includes a global infrastructure for detecting vulnerabilities, exploiting them, and deploying malware en masse for various economic and strategic ends.

     

    Because we're primarily tasked with processing fundamentally untrusted content, much of the work that we do on Flash Player is about keeping up with the latest academic security research and intelligence about what attackers do in the field.  Security is not static, and we're continually improving our security stance.  That work has stopped, and at some point, that automatic vulnerability and exploitation infrastructure will catch up.  Again, when viewed as an individual, having your identity stolen (or having a missile lobbed in your general direction) is a personal tragedy, but when viewed across the billions of existing installations, disabling Flash by default is necessary for the health of the Internet at large.

     

    In that vein, it's not just Adobe removing Flash that's in play.  All of the major browser vendors are removing support for browser plug-ins across the board.  Even if you had a working Flash Player, you'll be hard-pressed to find a browser that will continue to run it. 

     

    We do have some mechanisms available for enterprise users and archivalists, but we expect those people to have the expertise and resources necessary to secure those installations.  Long-term technology archival is a huge and complex topic, but there are well-known industry methodologies available for creating and running legacy operating systems and software on modern hardware in a way that's both secure and viable long-term.  


    Those topics are well beyond the scope of what we're going to advise on here, and well beyond the capability of the average non-techincal user. 

     

    The bottom line is that your camera vendor has had three years to produce an update to resolve the dependency on Flash Player.  Assuming that your cameras or DVR have the ability to take software updates, the decision to either produce or not produce an update to remove Flash dependencies (this is totally doable) is theirs.  It's possible that there's a firmware update already available.  It's definitely worth reaching out to their support people about.

     

    https://theblog.adobe.com/adobe-flash-update/

    _maria_
    Community Manager
    _maria_Community Manager
    Community Manager
    January 14, 2021

    If the wireless security camera is Arlo, the most widely mentioned security camera system here on these forums, per this post https://community.arlo.com/t5/Arlo/Chrome-is-ending-support-for-Adobe-Flash-Player/m-p/1716970, they have migrated away from Flash as of May 1, 2020.

     

    The Arlo Minimum Systems Requirements page, updated June 26, 2020, makes no mention of Flash Player being required.

     

     

    For completeness, Adobe announced Flash Player's end-of-life in July 2017, three and a half years ago, giving content creators over 3 years to migrate their Flash content to a different technology. Some have migrated, some are in the process of migrating, some won’t migrate.  Contact the creator of the content you are attempting to view to find out their plans for their content.

      

    For reference:

     

    For enterprises that are dependent on Flash Player, there are a couple options available to keep legacy applications alive. 

     

    Technical details can be found in the Flash Player Admin Guide, including Enterprise enablement feature: 

    Robert Mc Dowell
    Robert Mc Dowell
    Legend
    January 14, 2021

    welcome to facholand.... morality, never trust electronics and softwares today.

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices