If you follow any news about security, you see the combination of zero-day and Flash all too often. The good thing is that Flash is becoming less and less of a "needed" piece of software to use the modern internet. First off, for those who may not know, let's answer the following question:
What is flash?
Flash is a browser plugin written and maintained by Adobe, the same guys that build Photoshop. If you need to understand what a plugin is, here is the Wikipedia definition. But essentially it is a piece of software that runs, or is triggered to run, via another piece of software. In this case your browser (think Internet Explorer, Firefox, Chrome, Safari) allows the Flash plugin to be installed and triggered to run when a website requests it.
What does it do?
That is a big question. Instead of a technical answer, let's look at a few examples.
YouTube - when you play a video here (if you have Flash installed), Flash is the piece of software playing that video in your browser.
Kongregate - this is an in-browser gaming site (one of my favorites). Many of these games are written in Flash and can only work if you have Flash installed. Note that usually Flash is the game itself, not the entire site.
Advertisements - look anywhere. Ads on the web are everywhere, and Flash became so common an install that advertisers build ads in Flash, well, to give them "flash" to get your attention.
The Problem
As I mentioned, Flash is a constant attack vector for virus writers and hacker types. It's a complex piece of software that continues to have security issues. This translates to a problem for you. It's entirely possible that a website you visit could have some malicious Flash script that automatically runs when you visit the site. Just visit it: not download anything, not execute anything, simply visit. These Flash scripts use known or unknown (to Adobe) bugs in the Flash plugin that allow lower-level execution of code, meaning something could be installed or executed on your actual machine that you don't know about. Not good.
Recommendation
Disable or uninstall Flash. This is very much a personal decision, and can be done in an experimental fashion. Personally I go for the disable option, because I still need/want to do things that require Flash, like play games! Fortunately, sites like YouTube are slowly moving away from Flash, as it is no longer needed to do something "simple" like play a video. YouTube will detect whether you have it installed and play the video accordingly. Below I will go through the ways to disable Flash in the 4 common browsers.
When Flash is disabled this way, you are prompted to enable it when and where you want, which lets you decide whether you actually need it. You will be amazed at how often you don't, and how often you are asked (mostly by ads).
Disable Flash in Firefox
Disable Flash in Internet Explorer (IE)
Disable Flash in Chrome
Disable Flash in Safari (for Windows)
Disable Flash in Firefox
Go to -> about:addons
Change "Shockwave Flash" from Always Activate to Ask to Activate
Disable Flash in Chrome
Go to -> chrome://plugins/
Click "Disable" on the Adobe Flash Player item
Disable Flash in Safari (Windows)
Go into Settings (the gear icon)
Click Preferences
Security Tab
Uncheck Enable plug-ins
Note - Unfortunately this may disable other plugins and not just Flash.
Disable Flash in Internet Explorer
Open Tools (the gear icon)
Click Manage Add-ons
Click Toolbars and Extensions on the left
Change Show: "All add-ons"
Click Shockwave Flash Object in the list
Click Disable below
Enjoy, be secure.
JB