Flash Continental Update – Oasis or Trap?

February 26, 2020, Flash Player official website rehash. Flash parent company Adobe announced to stop supporting Flash Player from December 31, 2020.(Free Asia)

Q: Although Flash has been discontinued in the vast majority of countries around the world, China is the only exception, and there is even a lobby version of the new version being released. If the Flash official is willing to continue to provide updates in China, should Internet users in China continue to use the Flash plug-in for browsing many websites that still use Flash technology?

Li Jianjun: Due to the special situation in China, Flash has authorized a Chinese company to continue to provide the updated version in mainland China. However, Internet users in China should no longer use Flash for reasons other than the fact that HTML 5 can do the same thing as Flash in a more secure way, but more importantly because of its “original sin” in terms of security. The reason for this is that Flash’s security deficiencies are a whole host of problems that cannot be solved by minor fixes. This is why all major operating system and browser developers have taken a very strong stance to block Flash software. I don’t see anything in Flash China Lobby Edition that is so good that it can overcome Flash’s long-standing flaws. If you think the lobby version is safe, it’s an illusion that is actually more dangerous to users. If Chinese websites hadn’t ignored the Flash problem for so long and insisted on using Flash, China could have simply kept pace with the rest of the world and discontinued Flash in January this year, instead of installing the so-called lobby version, leaving a security risk.

Q: After Flash was “retired”, Internet users around the world received email notifications claiming that there was an updated version of Flash available for download, only to be provided with a Trojan virus. Is this phishing technique specifically tailored to Chinese users?

Li Jianjun: Most users around the world, except for a few who do not pay attention to the operating system alerts, know that Flash has completed its historical mission, so they are rarely fooled when they receive such phishing emails, but precisely because there are still so-called lobby versions and official versions available for download in China, Flash is still a software in use in China, not a product whose service Life has ended, so Chinese users are particularly vulnerable to such phishing emails. Therefore, Chinese users are particularly vulnerable to these phishing emails and are unaware of the fact that they have downloaded a software that is more dangerous than the lobby version. It is believed that the Hackers who write such phishing emails are probably Chinese hackers, because phishing emails are often technically simple, but their success often depends on social structure and psychological problems, such as taking advantage of the vulnerability of judgment caused by the environment people are in to commit the crime, rather than being technically advanced.

Q: The Flash problem remains, and it is difficult to keep users safe. But suppose the Internet users in the country need to use Flash for work or to deal with some government affairs need, then what should be done?

Li Jianjun: First of all, you have to confirm whether you really have to use Flash, because in most cases, there are actually versions of related websites that do not use Flash. It’s not very common to see a train station that can barely move without Flash.

If you do encounter a website that must use Flash, you can consider using an old computer or installing a virtual machine on your regular computer to run Flash on the old computer or virtual machine, and you must not handle any sensitive information on this dedicated computer. If you choose to use another old computer to deal with Flash web issues, you should turn off the computer and disconnect it from the Internet each Time you are done with it to avoid having other information on your computer stolen if you get hit by a strange Trojan horse. If you choose to install another virtual machine, the solution is very simple – execute the virtual machine only when you want to use it, and if you suspect that there is a problem with the virtual machine, you can delete it immediately and replace it with a new one that is not infected. The same applies to the use of virtual machines where some government websites are to be executed, unless some physical hardware of the virtual machine is involved, such as the USB authentication fingers used by individual banks, but such cases, however, will only become less and less frequent.

Q: In addition to Flash, Internet Explorer is another recognized insecure plug-in, but also in China is still insisting on the widespread adoption, what is the explanation?

Li Jianjun: For the powers that be, software security loopholes are not necessarily a bad thing, because these security loopholes can be used to monitor the people. html 5, open source browsers, etc. are not only more secure, but also free. If there is a bunch of free software available, but they still insist on using technology that is full of vulnerabilities, then this is no longer a problem of rampant piracy, but a deliberate act of Chinese companies and authorities. In fact, in the past three years, there has been absolutely enough time to transition web pages or software from technologies using Flash and IE to technologies using modern standards. Therefore, the situation in China is very special, and only China will insist on using software that is recognized as obsolete in countries around the world.