Internet Security Fundamentals - Online Edition

29 Flash & Java

Adobe Flash started out as an animation technology that helped shape the look of the internet we know today, allowing designers to do pretty much anything they wanted visually. Over the years programming capabilities were added, to the point where Flash included a fully-fledged programming language, which opened it up to abuse by criminals. Flash was launched back in 1996 and bought by Adobe in 2005. But, after 15 years of security updates to fix security flaws, Adobe signalled the end of support for Flash Player after 31st December 2020 and blocked Flash content from running in the Flash Player after 12th January 2021. Adobe also strongly recommends that all users immediately uninstall Flash Player to help protect their systems. Modern web browsers that had Flash functionality built in have long since removed it, so please make sure your browsers are set to auto-update.

 

For more information on how to check if you still have Flash Player or browsers that can play Flash, as well as dedicated uninstallers for a range of operating systems to remove them, please visit: https://www.adobe.com/uk/products/flashplayer/end-of-life.html

Also, while you are at www.adobe.com, make sure that you have the latest version of the Adobe Reader software, if it is installed on your computer. The free Adobe Reader software lets you view, print, sign and comment on PDF documents and is commonly used to replace printed software user manuals. There are regular security updates, so make sure you have the latest version by running the software and selecting Help - Check for Updates. You can also check for security updates at: http://helpx.adobe.com/uk/security.html

Java, meanwhile, is a programming language that works on practically any electronic device with a computer chip inside it, e.g. mobiles, TVs, DVD players and computers. Java allows businesses to run complicated software across the internet. Programming languages in the wrong hands, though, can be a dangerous thing (someone had to think up the viruses), so adding additional programming languages to your computer that are accessible by a website exposes you further, in the same way that adding two extra external doors to your house would decrease your overall security.

 

Security flaws in the Java programming language have allowed viruses to bypass your computer security. Finding and fixing these security flaws without breaking something else or creating more flaws is incredibly difficult. Java has made the news numerous times with major security flaws. It’s important to know that Oracle (who owns Java) will never email you to tell you that there is an important update for Java. It has a built-in updater that runs automatically over set periods. You can always manually update your system by visiting www.java.com, but most importantly do not trust an email or popup from any other website that says you need to update Java.

Java, though, can pose a security risk even if you have the latest version installed. To put it into context, we are now on Java version 8, Update 411, with 40+ major security updates issued since it was released. Also, for years many of the Java updaters left the previous version untouched on your computer, so over time it was not uncommon to have two versions of Java on a Windows computer. Malicious websites and viruses are designed to look for the flaws and exploits in these older versions of Java as well as flaws in the more recent versions. Luckily the owners of Java have created a tool for Microsoft Windows computers to check for and automatically remove older versions at http://java.com/en/download/uninstallapplet.jsp

When updating Java, if prompted always uninstall out-of-date Java versions, otherwise any security issues will still be there until the old versions are removed.

Also, make sure that ‘Restore Java security prompts’ is selected.

 

Be on the alert for fake Java update prompts from websites like http://www.ddl-javaup.com which tell you that you are not using the latest version of Java and provide a fake update link.

I know I’m repeating myself, but always go to www.java.com to get your Java updates and don’t forget to verify that you have Java installed correctly after every update. If you have Google Chrome or Microsoft Edge as a default web browser on a PC, you will need to use Microsoft Edge’s Internet Explorer Mode to verify Java. Remember, even if you never use Internet Explorer Mode and only use alternative browsers like Chrome or Firefox, Java can still be accessed without you ever knowing.

For home users, I’d seriously consider removing Java from your computer unless you have a specific web service or program that requires it. You can easily re-install it at any time by going to www.java.com. The next best option is to remove the ability to open Java content in a web browser. To do this, uncheck the option "Enable Java content in the browser" and set the Security Level to Very High. Both settings can be found in the Security tab of the Java Control Panel, located in the Control Panel in Windows. Further detailed instructions can be found at: https://www.java.com/en/download/help/disable_browser.html

For more information on how to remove Java for specific operating systems, see:

 

Windows: https://www.java.com/en/download/help/uninstall_java.html

Mac: https://www.java.com/en/download/help/mac_uninstall_java.html

Linux: https://www.java.com/en/download/help/linux_uninstall.html

 

While Flash and Java represent two of the biggest web technologies that have been exploited by criminals, there are others. Microsoft Silverlight is another free web-browser plug-in technology similar to Adobe Flash used by catch up TV services, music / video streaming services and certain business applications. While it has had its fair share of security issues, the largest was a potential vulnerability used by the notorious Angler Exploit Kit and updated to target PCs and Macs that had Silverlight installed. This particular vulnerability was fixed via a security update, so double check first to see if you have Microsoft Silverlight installed and if you do, check your update settings. Next, if you are on a PC, run Windows Update and check for any Silverlight updates, including in the Optional downloads section.

My advice for the past few years was to uninstall Silverlight if you don’t need it, as there is no point having potential security vulnerabilities as a result of something you never use. Anything that needs it will ask you to install it and, as it is a free download, you have nothing to lose. This has all changed, as Microsoft Silverlight will no longer be supported after the 12th October 2021, so uninstalling it is no longer a recommendation but a necessity.
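An added example (not part of the original book): a read-only PowerShell check for the situation this chapter describes, where several Java versions sit side by side on a Windows computer or Flash Player or Silverlight is still installed. The display-name patterns and the function name Get-LegacyPluginInventory are assumptions made for illustration.

```powershell
# Added example: inventory legacy plug-in runtimes on Windows (read-only).
# Installed programs are listed under the "Uninstall" registry keys
# (64-bit, 32-bit and per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Assumption: these patterns match the display names the installers register.
# The Java pattern deliberately skips helper entries such as the auto updater.
$patterns = [ordered]@{
    Java        = '^Java(\(TM\))? (SE |\d)'
    Flash       = 'Adobe Flash Player'
    Silverlight = 'Microsoft Silverlight'
}

function Get-LegacyPluginInventory {
    $entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName }
    foreach ($entry in $entries) {
        foreach ($family in $patterns.Keys) {
            if ($entry.DisplayName -match $patterns[$family]) {
                [pscustomobject]@{
                    Family  = $family
                    Name    = $entry.DisplayName
                    Version = $entry.DisplayVersion
                }
                break   # one family per entry is enough
            }
        }
    }
}

$found = @(Get-LegacyPluginInventory | Sort-Object Family, Name)
if ($found.Count -eq 0) {
    'No Java, Flash Player or Silverlight installs found.'
} else {
    $found | Format-Table -AutoSize
}

# More than one Java entry means an older version may have been left behind.
$java = @($found | Where-Object { $_.Family -eq 'Java' })
if ($java.Count -gt 1) {
    Write-Warning "$($java.Count) Java installs found: remove the out-of-date versions."
}
# Flash Player and Silverlight no longer receive security updates.
foreach ($item in @($found | Where-Object { $_.Family -ne 'Java' })) {
    Write-Warning "$($item.Name) is no longer supported: uninstall it."
}
```

The script only reads the registry; removal is still done with the uninstallers linked in this chapter.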
