We have reported previously on the vulnerability of Adobe Flash. In March, the service had a major ransomware attack, and both Google and Mozilla have announced they will begin discontinuing support this month.
Microsoft has decided on a different route, however. Rather than abandon it completely, the company has implemented new security measures. This could give them an edge over the competition, as many websites still use it.
The Security Measures
Foremost in Microsoft’s new plan is forced updates. Many of Flash’s vulnerabilities come from earlier versions, and new exploits are often fixed soon after they appear. Fixes are of no use, however, if the user has been running the same build for ten years.
Edge will automatically update Flash as soon as a new build is released, leaving no room for user error. This should be an efficient solution to the problem, though it could also come with some minor niggles.
Foremost is bandwidth usage. One of the reasons behind giving users a choice is that broadband plans aren’t always unlimited. Though Flash updates aren’t usually large, it could be enough to push some over their cap.
Storage is another factor, though it’s unlikely the updates would take up enough space to make any serious dent. We can also assume that Microsoft would delete the relevant files after install.
Edge also provides extra security by isolating the Flash process in a separate AppContainer. This should further security, and extra protection is even available for businesses.
Changes to Flash in Windows Anniversary Update
Central web content still plays, but inconvenient content such as ads or minor animations only play on request. Microsoft says this significantly reduces power consumption, something they have been holding over Google’s head of late.
The company warns that despite the support, they still do not condone Flash long term:
“We encourage the web community to continue the transition away from Flash and towards open web standards,” says John Hazen, Edge’s principal program manager lead, “Standards like Encrypted Media Extensions, Media Source Extensions, Canvas, Web Audio, and RTC offer a rich way to deliver similar experiences with increased performance and security.”
Still, with a lot of Flash content still on the web, it’s good to see one service that will still offer support. The lack of Flash Player can mean an inability to use some websites at all, so even Chrome users may fire up Edge to give it a try.