
Don't kill Flash, says Cisco security veteran

Flash might be a buggy program with multiple security holes. It might also be extremely vulnerable and a potential risk to millions of users.

But Cisco security veteran John Stewart believes Flash should not be discarded, saying it might in fact be the lesser of two evils.

Facebook's CSO Alex Stamos has called for the death of Flash, and Mozilla was one of the companies to follow that trend, labelling Flash a threat, and later dumping it from its Firefox browser.

Trend Micro also labelled Flash a threat. However, Stewart believes Flash should not be discarded easily, as whatever replaces it might be worse.

"I have a lot of sympathy for the (Adobe) teams. They need to weather the storm," Stewart told The Register in a media call on Friday.

"Adobe is zeroing in on ensuring security testing happens across their portfolio in a big way.

"If anyone thinks something is better than Flash then they need to consider what that alternative is against doubling-down security efforts on what we already have."

The number of malware attacks through Flash rose 317 per cent in the first quarter of 2015.

The McAfee Labs Threats Report May 2015 paper (PDF) says that the number of recorded Flash malware instances was almost 200,000 in Q1 2015, compared with 47,000 in Q4 2014.

Flash has been drawing a lot of attention because of the frequent attacks on unsuspecting browsers carried out through the platform.

For example, back in February this year, one of the most popular websites in the United States, Forbes, was used for a similar attack.