In a previous article I outlined how the use of Adobe Flash can increase the opportunities for malicious hackers to compromise your computer.
There are several ways to protect yourself from these types of attacks – enabling Click to Play, for instance, is one of them – ensuring that Flash-based elements only load in your browser on your command.
That’s not all you can do, though.
Let’s start with the first scenario: that you don’t want to completely eradicate Adobe Flash from your computer.
In order to achieve this, you’re going to have to think about your updates. They may be the bane of your digital life, but software updates are crucial to staying afloat online, whatever operating system is installed.
First, let’s take a look at how you can check whether you’re running the latest – and safest – version of Flash.
Checking your Flash version
If you’re unsure about what version of Flash you’re running, or whether you’ve got Flash installed at all, head on over to the Adobe help page.
Click the yellow “Check Now button” and wait a few seconds.
If you’re running the latest version of Flash, you’ll be presented with a brief confirmation. Otherwise, you’ll be provided with an alert instructing you to directly download the latest version.
Updating Flash
Google made technology headlines after announcing that the Chrome web browser would contain an automatically updating build of Flash Player. Back in 2010, Paul Betlem (Senior Director of Flash Engineering) attributed this move to creating a “safe experience” for everyone.
If you’re not a Chrome user, or are just wondering how you can stay on top of your Flash updates, keep reading.
The first – and most straightforward – way to ensure you’ve got the latest version of Flash installed: visit the Flash Player download page and install the latest version.
A quick side note: make sure to untick any “special offers” or added extras that might appear!
Otherwise, you can look behind the scenes to the Flash Player Settings. The easiest way to invoke the Settings screen is to right-click on an element of Flash content on a website.
From the context menu that appears, choose “Global Settings.” You should now see the “Flash Player Settings Manager” on your screen. Look for the “Advanced” tab to check your update preferences or force another check for the latest version.
If it’s not already, I’d recommend setting your update preference to “allow Adobe to install updates” on an automatic basis, where any urgent security patches are installed without user intervention. Adobe aims to notify you before installing any non-emergency updates, however.
Allowing Flash to “notify me to install updates” is the only acceptable alternative, where the Flash plugin checks for new versions on a regular basis, prompting you to install any patches. This applies to all types of update, regardless of urgency.
Opting to “never check for updates” means that you’ll only be able to find the latest version of Flash from the Adobe website. Here, you won’t be notified of any vulnerabilities, or the critical updates which patch them.
Removing Flash
Although you can disable Flash from running inside the browser you use, I’d recommend a complete uninstallation if you want to rid your computer of it for good. What’s more, simply disabling Flash in your browser might not be enough to protect your computer!
If you use several browsers on Windows, you may have more than a single version of Flash Player installed. It’s easy to remove them all in one fell swoop, though.
First, open the Control Panel. Next, select “Programs and Features” to view your list of installed applications. Here, you’ll see any Flash plug-ins you have installed. In turn, select each of the plugins associated with Adobe Flash Player in turn and click “Uninstall.”
A similar process applies for Mac OS X users. This time, you’ll need to download the appropriate Flash Uninstaller from Adobe.
Locate the downloaded disk image (ending with “.dmg”) and double click on it. A new window should appear; simply double click on the “Adobe Flash Player Uninstaller.app” inside to get started.
You may receive a prompt asking you to confirm whether you’d like to open the application. Click “Open” to bring up the Uninstaller.
After being asked for your username and password, the uninstallation will take place.
You may receive a prompt asking you to confirm whether you’d like to open the application. Click “Open” to bring up the Uninstaller. After being asked for your username and password, the uninstallation will take place.
Uninstallation procedures vary if you’re using a Linux distribution. The most common commands are as follows:
- If you’re using a Chromium-based browser, run this at the command-line:
sudo update-pepperflashplugin-nonfree --uninstall
- If you’re using a Firefox-based browser, run this at the command-line:
sudo apt-get remove flashplugin-installer
Further reading:
- Plugins – yes, they’re handy but they also increase the surface of attack
- How to update Silverlight – or uninstall it completely!
- How to update Java – or uninstall it completely!
Long response (who would have guessed ?) so I would say that once you have flash removed (if that is indeed what you want) or even if you've updated it, you should be aware of the two points I cleverly labelled '1' and '2' below. The rest refers to the fact that flash might be called something else on other distributions – if a package is even installed. CORRECT: You do NOT have to have flash INSTALLED in the SYSTEM for IT to WORK!
'If you're using a Chromium-based browser, run this at the command-line:…'
That would be the Debian way or otherwise Ubuntu (which is derived from Debian). The package in the Red Hat distributions is 'flash-plugin'. Fedora nowadays uses 'dnf' (but you can still use yum e.g. because it has far superior logging via yum-deprecated) whereas some others still use yum. In any case, the command remains the same : 'yum remove flash-plugin' (or yum-deprecated where applicable) or 'dnf remove flash-plugin' (i.e. remove package_name). Of course you'll need root privileges either through sudo or through a root shell (through su[1] or at the console if you wish). It's been too long since I've used any of the other distributions to remark on package managers.
But there are two other points to consider:
1. Remember that a user might have the .so (shared object) in their home directory e.g. ~/.mozilla/extensions/libflashplayer.so …Firefox might default to using the system version but technically you could make it use the user version, a version which might be vulnerable. Even if normally there are protections in place (and I'm not saying there is) there are many ways to fool the systems and indeed files in user directories (or actually any directory where you don't expect it) can be a nightmare if you don't know what to look out for (or even if you do!).
2. Just because a file is removed does not necessarily mean it isn't still being referenced (I won't get into the technical details but you should close any process that used it if you want to be 100% certain it is no longer there and this isn't flash specific). No, that doesn't mean you have to reboot.
[1] Contrary to popular belief: there are legitimate reasons for using 'su' (and definitely legitimate reasons for directly logging in as root at the console – though for administration only as always the case for privileged users) instead of 'sudo' and there are pros and cons to both. If you're logged in as root always do yourself a favour and never do it again.
How to unistall or disable integrated flash player from windows 10 TH2?
What can I do if my old scanner use a Flash interface? (and of course the company wouldn't provide a new interface). P.S. Stupid answer would be "get rid of your old scanner and buy a new one).
The intelligent answer is to throw it out. Scanners are cheap.
Thank you for the overview, but as far as I can tell, this article on Flash does not actually tell how to "uninstall it completely" from Windows 10.
Even without the plugin (which I never installed) there are (even visible) remnants in Edge and in the Control panel, and I have a hunch there are various files, logs and registry entries pertaining to it too.
While Edge has a toggle for Flash, that doesn't "uninstall it completely" either.
My main concern is will I still be able to watch NFL Sunday Ticket if I remove Flash from my Mac?
This article was outdated when it was written: Flash has been integrated into winshit 8.1-10 and M$ refuses to allow true un-installation. I would link articles threads various places including M$ forums themselves but you can find them yourself.
The only true solution is not to run M$. Unfortunately for some of us that isn't an option because we're forced to use company-made software that only runs under it. If you are not in that situation then you NEED to learn Linux if you don't want to get pwned.