Remote Browser Isolation

Flash to the Trash


Adobe has finally thrown up its hands in surrender, announcing that its 25 year-old multimedia smash hit, Flash, will soon be consigned to the dustbin of computing. Adobe is pulling the support plug in 2020.

Originally created and marketed in 1992 by Macromedia, Flash added rocket fuel to the web-browsing explosion, bringing ultra-cool web-based video, animation, and interactivity into ubiquitous use, enabling developers to create exciting rich content that could run on any computer or browser. 

Software giant, Adobe, acquired Macromedia in 2005 and, for more than a decade, has been delivering generations of breakthroughs for our viewing and listening pleasure. With the addition of the CS3 and CS4 versions in 2007 and 2008, followed by the wildly popular ActionScript scripting language, developers were quickly able to add complex interactivity, playback control, and data display to their applications. Flash on home pages and PowerPoint was all-the-rage.

Talk about a top-ten hit! Only a rare computer game or company presentation missed the revolution.

Death Knell

While I mourn Flash’s impending doom with Adobe’s recent announcement, the death-blow was actually delivered a decade ago when Apple made it a point not to support Flash in their soon-to-be-introduced iPhone. That famous innovator, Steven Jobs, triggered a movement toward competing technologies that wound up as today’s wildly popular HTML5.

In the beginning, the proprietary Flash plugin that loaded Flash content was the major enticement of the technology. It guaranteed that the content would behave identically on any browser or computer. But once competing technologies that could run natively in web browsers caught on, that very same plugin became a liability.

As a result, the number of websites that employ Flash is constantly decreasing. Five years ago, about 30% of websites used Flash in some way. As of 2016, Flash usage had fallen below 10% and continues to drop steadily to this day. 

Security Concerns

What really bothered Steve Jobs, and many others, the most was cyber security. Back in the 1990s when Flash was conceived, most users had never heard of viruses, malware or hackers. But as we all know too well, security is the name of the game now.

Flash was designed without security in mind. It has always been peppered with security holes, many of which are routinely exploited. Ransomware and phishing attacks regularly hitch a ride on the Flash stream and wreak mayhem on enterprise computers and data.

For years, Adobe has been spending big money trying to patch the vulnerabilities. While the company has made considerable progress, Flash continues to be a hacker magnet.  For example, last year, Adobe released an update for Flash that addressed more than thirty vulnerabilities including the infamous CVE-2016-4171 remote code execution vulnerability that has been frequently exploited to install malware on victimized computers.

Adobe has finally admitted that it cannot provide a sufficient level of security in the product, hence the announcement that Flash will be discontinued in 2020.

Who is Affected?

While most websites no longer use Flash, there are still a number of prominent websites that haven’t yet made the switch, including CNN, NBC, Vanguard, J. P. Morgan, Oracle and many more.

But the owners of these websites are not the most affected by the security problems in Flash. Those browsing them are. By merely maintaining their everyday web-browsing habits, the average user is inviting malware and other security threats onto the endpoint, where they are well positioned to escalate within the corporate network.

How Can Organizations Protect Ourselves?

I’ll bet that most Internet users within your organization are unaware of which websites use Flash and which don’t. Why is that their problem? The average employee is not savvy enough to think about the underlying code on the sites they browse. 

The only way that security and IT staff can keep malware from hitching a ride on Flash (and other widgets and apps, for that matter), is to make sure it can’t get onto the endpoint in the first place. Anti-virus and other detection systems are certainly helpful in the fight against cyber attacks, but these are after-the-fact remedies—they look for signs of breaches after they have occurred.

We need something that keeps the threats from breaching the network in the first place!

Isolated browsing takes the risky execution of web content – like Flash— away from the endpoint and isolates it on a remote system. There, all the Flash and other potential threats are stripped out and only an image of the website is actually delivered to end users.

The websites look and act the same to users, but all that “behind-the-scenes processing” that comes in with the website and invites cyber security problems no longer happens on endpoint devices, but somewhere else, transparent to the user.

More than 90% of undetected threats originate through the web. A recent Gartner report states, “Isolation is the single most significant way to eliminate web attacks and will be adopted by most enterprises.”

I agree.

This is precisely the catalyst for developing Ericom Shield for Secure Browsing. It delivers an innovative browser-isolation technology that prevents malware and zero-day attacks from ever reaching the end-user.

Contact us today to request a one-on-one demo of Ericom Shield

Mendy Newman

Mendy Newman

Group CTO, International | Ericom Software