Flash is pretty much the internet’s appendix. No one’s sure why it’s still around, it’s extremely liable to become infected, and yet somehow the pressures of natural selection have yet to eliminate it from existence. For some users, all that misery will end today.
As of September 1st, Google has decided that Flash advertisements will no longer autoplay on its Chrome browser. As of the very same day, Amazon will no longer accept any advertisements in the Flash format on its site. With Flash being choked off by two of the internet’s largest companies, this also represents the death of one of the web’s largest vectors for malware distribution.
Information security risks, especially those that affect home users as opposed to companies, are centered heavily around Flash. Most organizations automatically patch their systems to eliminate Flash vulnerabilities, but lots of home users, like your mom, do not. Black-hats love that kind of thing. They’ll create an ad, one that doesn’t actually advertise for a given company, but looks familiar — nothing that would seem out of place on a webpage. The placement of ads on webpages is usually mediated by some kind of automated third-party marketplace. There’s not usually a human being checking advertisements for malware, which is why these infected ads get placement on many highly-trafficked websites. When your mom visits one of these sites, her browser automatically loads the Flash video to play the ad, it also downloads a bit of malware, and just like that, your mom’s computer is part of someone’s zombie army. She doesn’t even need to click the ad.
Now that Chrome no longer auto-plays Flash ads, your mom’s computer (and you dad’s, and every clueless friend of yours who calls you because you’re ‘good with computers’) is safe from some of the most common nastiness on the ‘net. In fact, the only people complaining about this move are the advertisers.
[Post image via Shutterstock]