This article is in response to RainbowStar, a very active member of our InfoAve Forum. He asked: “Is there an alternative to Adobe Flash Player that works the same? I don’t like reading things like this “Adobe Fixes Flash Player XSS Flaw, Warns Of Ongoing Attacks” (We’re publishing the entire article at the end of this.) Thank you in advance!” (You can read his original post here: http://infoave.ipbhost.com/index.php?showtopic=31997 )
Unfortunately Adobe Flash is proprietary and Adobe Flash Player is required to view it. If you have an Apple iPad, you probably already know that you can’t view Flash in it. Steve Jobs called Flash buggy and that caused a great rift between Adobe and Apple. Well it looks like Steve Jobs was at least partially right. Adobe Flash has had more problems with security than Microsoft — and that’s saying something. It seems every time I view a Flash object — Adobe has a new update for me to download. Nine times out of ten, those updates are patches for security holes and leaks which have been exploited by miscreants to backdoor some malicious file or another.
Fortunately, HTML5 – the newest iteration of HTML – is a powerful programming language that can do many of the things that Flash can do – without requiring a browser add-in. HTML 5 is going to change the Web and how we view it. Microsoft’s ill-fated Flash-clone, Silverlight, has been all but abandoned – and hopefully they’ll be a day soon when Flash is all but abandoned too. But that may be wishful thinking – some program installers and slideshows are powered by Flash – so HTML 5 is not going to replace Flash entirely.
(Note: If you’re interested in learning more about HTML5 and what it can do – visit this page: http://html5demos.com/ . If you’re using Internet Explore you’ll notice that IE is not fully compatible with HTML5 yet – so some of the demos won’t work in IE If you want to see all of the demos use Google Chrome.)
There are no alternatives to Flash Player and there will probably never be; but we never like to save never.
Now here is the entire article about the problems with Flash Player:
“Adobe Fixes Flash Player XSS Flaw, Warns Of Ongoing Attacks
One day after the company released its monthly patch update, Adobe was out again with an emergency update to its Flash Player software, fixing seven holes, six that could lead to remote code execution and one that’s already being exploited in the wild.
The company released patch APSB12-03 on Wednesday. The update specifically applies to Adobe Flash Player 11.1.102.55 and earlier builds for Windows, Macintosh, Linux and Solaris and early Android users. It includes a fix for a cross-site scripting vulnerability that is being used in targeted attacks, according to the company’s bulletin Wednesday. ( The patch is available here: https://threatpost.com/en_us/blogs/adobe-fixes-shockwave-hole-february-patch-021412 .
Adobe released APSB12-02 and APSB12-04 on Tuesday as part of its monthly patch release , fixing a critical security vulnerabilities in Shockwave Player, and another affecting its RoboHelp authoring product.
The critical Flash update came a day later. For users who cannot update to the latest version of Flash Player, Adobe’s prepared a patch for Flash Player 10.x and Flash Player 10.3.183.15 that can be downloaded here . http://kb2.adobe.com/cps/142/tn_14266.html . “
There are actually third-party SWF renderers like GNASH, LightSpark, SWFDec et al, but they don’t pay for video codecs (like H.264) like Adobe does.
Security is actually pretty good… there are ongoing improvements against identified vulnerabilities, but the only real exploits I’ve seen have been zero-days in spear-phishing through email & browser. Bigger risks run from browsers showing fake “Download Flash” dialogs.
jd/adobe
Speaking of alternatives, will you publish an update to an article you wrote in (I think)late 2008. It was titled MOST ANNOYING PROGRAMS–AND ALTERNATIVES.
I’m particularly annoyed with those that constantly challenge my installation choice to NOT have them automatically start-up when Windows starts. i.e., Quicktime. Lots of websites I visit on a regular basis must be using Quicktime in their creation, and every time I change pages within the website, the Quicktime pop-up raises it’s ugly head with each page, and I have to click “NO” each time. I’m sure the pop-up comes from my WinPatrol program which I’m grateful for but it’s driving me nuts that Quicktime is so persistent.