10 Years of Flash!
Posted by Gunter Ollmann on December 13, 2006 at 12:34 PM EST.

I hear that I missed a beach party - assuming you could call those seaside pebble gardens in Brighton a beach.  "Flash on the Beach" celebrated 10 years of Flash.

Starting off life as Future Splash before being renamed Flash! in 1996 by new owners Macromedia, and now part of the Adobe product suite, it is supposedly installed on around 90% of desktop systems.

Love it or loathe it, it's managed to hang around as the preferred client-side web animation tool for a decade and will likely maintain that premier spot for a few more years.

While there have been several very notable security vulnerabilities with the product and it has been leveraged for many a desktop compromise, I would say that it has done pretty well from a security perspective.  However, I do fear that we will see an increase in attackers making use of its custom programming language to create and launch obfuscated attacks that exploit other vulnerabilities within web-browsers.  Certainly we have already noticed a large shift towards the use of JavaScript to obfuscate web-browser exploits and their payloads.  Doing the same in Flash will make it more difficult for traditional signature-based protection systems (e.g. AV) to provide any kind of protection at all.

I can't say I'm particularly enamored with Flash.  I hate all the advertisements that use it - popping up over the top of what I'm trying to read - requiring me to click a 'close' option to get rid of the advertisement.  I also hate the fact that it slows things down when I'm traveling - holed up in a hotel with a dial-up connection or with 512k shared amongst 200 rooms.

My solution for the last 4 years is to have several browsers installed on my laptop - some of them with Flash installed, some without.  I typically use a non-IE browser without Flash (or any plugins) installed for web surfing, and will flick to a browser that has it installed if I really need to navigate the site in Flash animations, etc.
    Copyright 2001-2007 © Gunter Ollmann