Java and Flash

Joined
Jul 18, 2013
Messages
11
Reaction score
0
Points
1
I read often that it's good to not have Java and Flash. Can you explain this? I downloaded Flash after getting a new computer because messages appeared saying Flash was needed to see such and such a video. Are there alternatives?

Thanks
 
Joined
Jul 24, 2013
Messages
5,080
Reaction score
776
Points
113
Location
Ohio (USA)
Your Mac's Specs
2023-14" M3max MBPro, 64GB/1TB, iPhone 15 Pro, Watch Ultra
Both Java (& Javascript) and Flash have been favored by malware creators as a way to infect your computer. One nice perk to having an Apple is that the vast majority - like 99.9% - is written for the Windows platform.

Most issues arise from out of date versions of the above programs. Keeping them up to date helps a lot. I also make Flash ask permission to run which can be set in the browser plus I have very strict settings in my System Preferences -> Flash Player (& Java).

One big perk to setting your browser to have flash ask to run is no more annoying adds running with sound that you don't want to see or hear.

Lisa
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
Are there alternatives?
If a website uses one of those technologies and don't themselves provide an alternative, then no.

Both Java (& Javascript) and Flash have been favored by malware creators as a way to infect your computer.
I'd remove Javascript from that list. Javascript, by design and implementation, can't do much to your machine. It's insulated and given little to no access to the machine that it runs on.

One nice perk to having an Apple is that the vast majority - like 99.9% - is written for the Windows platform.
Java and Flash exploits are popular and successful for one simple reason - they execute irrespective of the underlying OS. Java and Flash applications are platform agnostic and only rely on their respective runtimes, which work in similar ways across platforms. The only time that they become platform specific is if they run up an OS limit (write permissions for example) or are expressly written for one specific platform which, with cross platform runtimes, may actually require more work.
 
M

MacInWin

Guest
Another vector to get past the security of OS X is for bad guys to send you fake notices that Java/Flash have an update/upgrade available and then send you to their own fake websites where they mimic the Adobe and Oracle sites and get you to download and install Malware. Get Flash from either Apple or Adobe directly, get Java from Apple or Oracle directly. Doing that way will then put some panes in System Preferences from which you can get the updates from the safe places. I have Flash installed, but blocked from operating without my ok, and on System Preferences there is a Flash Player pane on which I have selected the Notify me to install updates. That way, when an update comes in, I can go get it and not let it automatically install. I want to KNOW what is being installed on my system and I want to control that installation.
 
Joined
Jul 24, 2013
Messages
5,080
Reaction score
776
Points
113
Location
Ohio (USA)
Your Mac's Specs
2023-14" M3max MBPro, 64GB/1TB, iPhone 15 Pro, Watch Ultra
I'd remove Javascript from that list. Javascript, by design and implementation, can't do much to your machine. It's insulated and given little to no access to the machine that it runs on.

I have read a lot of articles that claim javascript can harbor malware but maybe I am interpreting it wrong.

Malware hides behind JavaScript, PNGs to bypass browser security | InfoWorld

How Hackers Use Javascript to Distribute Malware | InfosecStuff

Java and Flash exploits are popular and successful for one simple reason - they execute irrespective of the underlying OS. Java and Flash applications are platform agnostic and only rely on their respective runtimes, which work in similar ways across platforms. The only time that they become platform specific is if they run up an OS limit (write permissions for example) or are expressly written for one specific platform which, with cross platform runtimes, may actually require more work.

We could debate that but I basically agree.

So the original question of how safe are they - depends. And my suggestions were to keep them up to date and set your security settings on them high and make Flash ask to run.

Things are always changing with how secure they are, how they are exploited and what happens when they are. There are no guarantees.

Lisa
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top