Time for the Flashblock browser extension

The Adobe Reader and Flash player currently have critical unpatched bugs.

Yet again. Been there done that, way too often in fact.  

Defending against the Adobe Reader is easy, just un-install it and use alternate PDF viewing software. Not much else to say.

Avoiding Flash is not as practical. The current Flash bug, for example, exists under Windows, Macs, Linux, UNIX and even the Android operating system. Flash is also included in the Adobe Reader, another reason to seek out an alternative.

The good news is that it is fairly easy to defend our browsers against Flash. Doing so, requires installing a browser add-on/plug-in/extension.

Writing in The Register Dan Goodin suggested using NoScript in Firefox, a recommendation that was echoed by Brian Krebs. I disagree, for two reasons.

For one, NoScript does not run in Chrome, Google's up and coming browser. Then too, NoScript does a lot, it is not just focused on Flash, and thus may be overkill and/or intimidating for non-techies.

In contrast, there are fairly simple Flashblock extensions available for both Firefox and Chrome. Each  replaces instances of Flash in a web page with placeholders. The Flash does not run, by default. If you want it to run, you simply click on the placeholder. An example is at the end of this posting.

The Firefox extension has been downloaded over 9.4 million times. Below is a cheat sheet for installing it.

You can get Flashblock for Firefox here.  To install it click the green "Add to Firefox" button.


This brings up another window, shown below. Click on the "Install Now" button.


After a few seconds, you will be prompted to restart Firefox. Do so.


After Firefox restarts, it tells you that  a new add-on has been installed. This window also offers an "Options" button where you can configure Flashblock.


The defaults strike me as fine, there is no pressing need to make any changes. But, if you want to also block Silverlight (Microsoft's competing product to Flash) you can do so here. 

In addition, if there are websites where you want to run Flash unequivocally, they can be added to a whitelist.


As an example of Flashblock in action, the web page below is used by WEEI in Boston for their live streaming. It consists of three instances of Flash, each represented by a gray circle with a black "F" in it. To activate an instance of Flash, just click on the gray circle.


This is an unusual case, as  it requires three clicks, normally one is sufficient.  Click, click, click and you see the streaming app in all its glory.


The intro to the Planet Mikey show is a hoot. Coming up, Flashblock for Chrome.

Update: Giorgio Maone, the author of NoScript makes an excellent point in the comments below: Flashblock can be circumvented and thus is not rock solid defense. In his own words, referring to Flashblock on both Firefox and Chrome he says they are "great against annoyances, but too easy to circumvent to be hacker-proof." 

This does not, however, mean that there is no value in Flashblock. Often, defensive tactics are imperfect, but nonetheless you are safer with them than without them. Think antivirus software.

NoScript is for techies, Flashblock is for non-techies. NoScript is married to Firefox, there is a Flashblock for Chrome. There is no one answer for all people in all circumstances. 

Somewhere, Steve Jobs is thinking, "I told you so". 

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon