Posted on April 16, 2024 in Technology

What Remains of Flash

It’s been a while since Adobe Flash was made defunct.

What Did Flash Actually Do?

Flash was one of a host of plugins that allowed users to view ‘rich’ content. Everything from Flash games to autoplay audio to vector graphics to dynamic menus… if the website had visuals besides plaintext on it, there was a solid chance Flash was used somewhere. Adobe Flash Player sorted to the front of the pack because it was free, and played well with most mainstream browsers. It allowed a whole new world of interactive content! Since most browsers had a version of Flash, most websites were able to use Flash content – notable exceptions included Apple products. Even then, Safari could still view it.

Why Drop?

Adobe Flash and Flash Player had problems. They always had problems, but the benefits of dynamic content and nice, quickly-loading visuals outweighed the issues Adobe Flash had. Most of the time, Flash was used on a stationary device that didn’t need to worry about battery, like a home computer. Laptops were growing in popularity, but they were still bulky, and often prioritized battery life over size. Flash could afford to be a little inefficient to get the content moving on screen faster.

Then the first iPhone came out. Safari users could access Flash content, but most webpages weren’t optimized for mobile yet, so the iPhone was using excessive battery on websites anyway. The next gen of smartphone owners, who also had Android or Microsoft devices, noticed that Flash ate battery life even though the website was designed with mobile in mind. That was more of a problem now that smartphones were popular, but vendors hoped they would improve on their own. After all, Flash was always updating to keep up with browsers and plug-ins.

Windows 8 came with Flash Player bundled in, and it was better, but it still wasn’t the picture of perfect efficiency. What was Windows going to do, reinvent the wheel, and then ask everybody to switch to their version of Flash, for greater efficiency? No. Adobe’s products were fine, and fine doesn’t have to be perfect. They filled a gap, and they enabled a lot of creativity via those browser games, which eventually became Flash’s number one usage for users aged 10-20. Interactive content needed Flash.

Adobe’s advantages far outweigh their negatives at this point. However, that was about to change.

Security

Having a tool that can run rich content all by itself was great. However, Adobe was about to get into a slog of zero-day attacks and malware fixes that would have ruined anybody’s reputation, in 2013. Flash’s widespread use meant that hackers could assume Flash Player was on a targeted device. By creating online ads that contained specially designed malware, hackers could get into any device where Flash content could play. It was as good as an open door if the virus could trick the browser into thinking it was also Flash content that needed to be downloaded to view the page. Suddenly, a Trojan Horse is on the device!

Antiviruses of the time could stop the clumsy attempts before they became a real problem, but undefended people were often unpleasantly surprised by a Flash malware getting into their system and downloading things. 2013 onwards saw a constant uphill grind against hacker organizations who had access to real tools and real skill.

Apple then releases a memo clarifying that they won’t be using Flash because of these security issues. A malware known as Flashback had infected about 600,000 devices, and Apple is unhappy – users were duped into downloading a fake Flash update that was indistinguishable from a real Flash update notice. ‘Don’t download things from a third-party website’ is common advice now, but because Flash was always pushing to keep users as patched up and flawless as possible, they often pushed these ‘update Flash’ notifications to other websites that were hosting Flash content. You might remember the gray screen and plug warning when trying to play a flash game – Flash did that so often it got kids as well as adults.

The Outdated

Flash did a lot of things, but they were all things that could be done better if web developers had better tools. HTML5 was released in 2014 and was extremely lightweight compared to Flash. It used web browsers to its advantage, by using a tagging system that most browsers (which was updated for the new tech) could interpret, rather than download. Since less data needed to be shared over the user’s internet connection, the content loaded faster – all the browser needed was those tags.

There were issues with this, in the early days of HTML5, different browsers could interpret the same tag differently, and sometimes older versions couldn’t interpret a new tag at all, but it was so much easier to work with and so much faster that minor issues were overlooked. Another bonus was less malware!

HTML5 and WebAssembly both step in to take some of the weight off of Flash after it’s first major security event, and people notice that loading times have gone down. Apple’s departure from Flash also slashed it’s popularity, and Flash starts it’s downhill decline.

Support

Adobe announced it was planning for Flash’s End-Of-Life a whole three years before the end-date to give developers time to remove it. Still, for older sites that couldn’t switch, an open-source project called ‘Ruffle’ hopes to fill the gaps and keep Flash games running a bit longer. Ruffle behaves a lot like Flash, but it’s third-party. The website itself has to support Ruffle’s use, so if all the Flash stuff was abandoned because the website itself was abandoned, Ruffle isn’t going to be much help. At least there is an option, though, as limited as it may be.

Ironically, Flash was so deeply embedded in the fabric of the internet that fake Flash updates are still getting people. Remember, if a pop-up says you should update something on your device, whether it’s Minecraft or Excel, you should always go to the home site and verify it there. It’s really easy to copy an application’s layout nowadays!

Sources:

https://www.adobe.com/products/flashplayer/end-of-life.html

https://www.infosecurity-magazine.com/news-features/flash-post-support/

https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/

https://www.forbes.com/sites/barrycollins/2020/06/22/adobe-flash-cut-off-will-kill-millions-of-websites/?sh=413027e3d718

https://blog.trendmicro.com/history-of-flash-zero-day-and-other-vulnerabilities/