If there is one piece of software that really causes me grief on my (pretty shiny thing) Macbook then it’s Adobe Flash. I’m not really going to into guessing why it’s so broken but there are three major problems for me personally:
- it causes CPU spikes over 70% when running causing problems with other apps
- It doesn’t automatically update when new versions are avialable
- security vulnerabilities occur about as often as Microsoft Windows vulnerabilities (all the time). There is another zero day announced today and being exploited in the wild.
One of the reasons I switched to Mac was to get away from the fear that my OS was compromised (a major concern on MS Windows) and the fact that Flash has a new and major vulnerability every week isn’t acceptable. So the solution is to remove Adobe Flash. Stay tuned for tips on how to live without it.
- Quit Safari
- Go to the /Library/Internet Plug-Ins and (Home)/Library/Internet Plug-Ins directories
- move ClickToFlash, Flash Player.plugin, flashplayer.xpt, and NP-PPC-Dir-Shockwave to a temporary directory
- Restart Safari
Make sure that you remove the ClickToFlash plugin as well. This is because the ClickToFlash plugin tells web servers that a flash plugin is available, but then disables the plugin from running and displays the grey box for you to click.
Use this plugin to tell Youtube to displays all video content using HTML5 codecs.
What if you need Flash for a specific website ?
I’ve been running this for a few days and really haven’t found any problems. Because Flash isn’t installed most websites will switch to alternate content / menu / etc because they have fallbacks configured.
However, for those absolutely must have, no other choice, then you can use Google Chrome browser for those websites. Chrome has it’s own version of Flash as part of the binary, and while it’s probably insecure, the intentional shift reduces the risk of a driveby zero day attack on your system.
The EtherealMind View
If Flash worked properly, I’d be happy to use it. But the security concerns and the CPU problems mean it’s not a good product at the end of the day. And, surprisingly, almost every website has alternatives for Flash provided your web browser has no flash installed. This means disabling Flash, and the ClickToFlash plugins so that your browser signals to the web server that there is no Flash on your system.
At least, I feel better.
If you want to do as I do, quit Safari, and move ClickToFlash, Flash Player.plugin, flashplayer.xpt, and NP-PPC-Dir-Shockwave from those folders to somewhere else. I made a folder called “Internet Plug-Ins Disabled”.