Skip to main content

Don't kill Flash, says Cisco security veteran

Flash might be a buggy program with multiple holes in its system. Flash might also be extremely vulnerable and a potential risk to millions of users out there.

But Flash should not be discarded, believes Cisco security veteran John Stewart, saying it might in fact be the lesser of two evils.

Facebook's CSO Alex Stamos has called for the death of Flash, and Mozilla was one of the companies to follow that trend, labelling Flash a threat, and later dumping it from its Firefox browser.

TrendMicro also labelled Flash a threat. However, Stewart believes Flash should not be discarded easily as whatever replaces it might be worse.

"I have a lot of sympathy for the (Adobe) teams. They need to weather the storm," Stewart told The Register in a media call on Friday.

"Adobe is zeroing in on ensuring security testing happens across their portfolio in a big way.

"If anyone thinks something is better than Flash then they need to consider what that alternative is against doubling-down security efforts on what we already have."

The number of malware attacks through Flash rose 317 per cent in the first quarter of 2015.

The McAfee Labs Threats Report May 2015 paper (PDF (opens in new tab)) says that the number of recorded Flash malware instances was almost 200,000 in Q1 2015, compared with 47,000 in Q4 2014.

Flash has been drawing a lot of attention to itself with the frequent attacks on unsuspecting browsers done through the platform.

For example, back in February this year, one of the most popular websites in the United States, Forbes, was used for a similar attack.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.