Uninstall Flash Player
In my book, I made it clear that the Flash Player (that little browser plugin that you’re constantly having to update due to new security bugs) is one of the prime targets of hackers. In the last week, in the wake of the Hacking Team being hacked, there have been no fewer than 3 “zero day” flaws exposed in Flash (unfixed bugs that allow hackers to exploit your system).
So, it’s time to throw in the towel. It’s time to just remove Flash from your system. It’s not worth the risk. Most web sites have abandoned Flash, and after this latest security debacle, that trend it surely going to accelerate. Most web sites will work just fine without Flash – and if not, there are workarounds (see below).
Mac users see this article; Windows users see this article.
Workaround
I personally prefer the Firefox web browser, but I use Chrome as a backup in certain cases – usually when my rather Draconian security settings on Firefox break some web site and I can’t figure out how to unbreak it. Chrome actually bundles Flash directly into the browser and goes out of its way to try to “sandbox” Flash (preventing it from reaching out into things it shouldn’t be touching). So the workaround is to use Chrome in those cases where you simply have to use Flash. That is, even if you uninstall Flash using the above directions, it will still be embedded into the Chrome browser, so you can still use it. NOTE: Chrome is not necessarily a safe way to use Flash, either, but it’s probably the safest option you have (short of using a virtual machine).
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!