Steve Jobs banished Adobe Flash from the iPhone in 2010. It was too insecure, Jobs wrote, too proprietary, too resource-intensive, too unaccommodating for a platform run by fingertips instead of mouse clicks. All of those gripes hold true. And now Adobe itself has finally conceded.
The company announced Tuesday that it would “stop updating and distributing the Flash Player,” giving the end of 2020 as its end-of-life date. With that, the internet’s favorite punching bag deflates.
No one should shed a tear for Flash’s coming disappearance. The web will be safer, faster, smoother without it. But between now and 2020, the internet does need to figure out how to deal with the remains.
Pain in the Flash
It’s rude to speak ill of the dead, but since Flash is technically still in the process of dying, we can allow ourselves a moment of reflection.
You can take your pick of arguments against Flash, but let’s start with security. It offers very little. In fact, for years now, it has constantly threatened to upend yours.
“Flash has been a favorite amongst exploit kit authors for several years,” says Jérôme Segura, lead malware analyst at Malwarebytes. “Due to an alarming number of zero-day exploits distributed via large malvertising campaigns in recent years, many in the security community have urged users to completely remove Flash from their machines.”
Take your pick of incidents just last year. Flash security holes enabled attacks against all major desktop platforms last October and June, with Windows-focused hits coming in May and April. This is not normal! There’s no great analog comparison for something so pervasive that fails so often, but imagine a heavily trafficked bridge that spontaneously gives way every few months. You should not drive on that bridge.
The real reason Adobe will move on from Flash, though, is the other big knock against it: obsolescence.
“The writing’s been on the wall long enough,” says Jeffrey Hammond, analyst at Forrester Research. Developers have already moved on from Flash over the last few years, embracing open standards that achieve the same ends—or close enough to it—without collapsing under the weight of security failures or browser incompatibility. Even Adobe has invested in HTML5 since 2010, and made a strong push in that direction in late 2015.
Adobe itself acknowledged the transition, though a bit less bluntly:
“As open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web.”
Source: wired.com