IN 2010, STEVE Jobs banished Adobe Flash from the iPhone. It was too insecure, Jobs wrote, too proprietary, too resource-intensive, too unaccommodating for a platform run by fingertips instead of mouse clicks. All of those gripes hold true. And now Adobe itself has finally conceded.
The company announced Tuesday that it would “stop updating and distributing the Flash Player,” giving the end of 2020 as its end-of-life date. With that, the internet’s favorite punching bag deflates.
No one should shed a tear for Flash’s coming disappearance. The web will be safer, faster, smoother without it. But between now and 2020, the internet does need to figure out how to deal with the remains.
It’s rude to speak ill of the dead, but since Flash is technically still in the process of dying, we can allow ourselves a moment of reflection.
You can take your pick of arguments against Flash, but let’s start with security. It offers very little. In fact, for years now, it has constantly threatened to upend yours.
“Flash has been a favorite amongst exploit kit authors for several years,” says Jérôme Segura, lead malware analyst at Malwarebytes. “Due to an alarming number of zero-day exploits distributed via large malvertising campaigns in recent years, many in the security community have urged users to completely remove Flash from their machines.”
Take your pick of incidents just last year. Flash security holes enabled attacks against all major desktop platforms last October and June, with Windows-focused hits coming in May and April. This is not normal! There’s no great analog comparison for something so pervasive that fails so often, but imagine a heavily trafficked bridge that spontaneously gives way every few months. You should not drive on that bridge.