What’s an obvious, practical step we can take to put a stop to this, and in one stroke greatly improve global information security?
It’s simple. All the important browser vendors need to agree to “flashblock” by default. What is flash blocking? Basically, it just means you need one extra click to watch (some) internet videos.
If you’re reading this in a desktop browser, stop right now and follow one of these links:
If you’re an IT manager, there is no excuse for not deploying these across your organization right now. If you’re a technology enthusiast, help evangelize flash blocking, and install it on the computers of friends and relatives.
But even though these exist, it’s not good enough. It’s really time for the vendors to come to a rough consensus and agree to do this by default.
I think the Internet Explorer model is actually the best; make it per-user, per-domain. All Microsoft has to do is toggle that switch in their code. But the incentive for them to do it is low if users are going to complain that on (some other browser) they need one less click to watch that video.
So consensus needs to be built. Mozilla, Microsoft, Google, and Apple need to agree to take action. Apple is trying but they can’t do it alone.
The work that’s been going on to replace Flash with HTML 5 is great, and now is the right time to start actively deprecating Flash on the Web.
The cost is so low. Just one extra click. The benefit is millions of consumer computers being notably more secure, again by default.
Further reading on simple, effective tips for improving your security are in this lifehacker post.
(This post was brought to you by years of having to de-virus my family’s computers)