Russ Harvey Consulting - Computer and Internet Services

Browser Plugins: Legacy Addons

PDF | Flash | Java | VLC Player | QuickTime | RealPlayer
Plugin Vulnerabilities

Acrobat logo   FlashPlayer logo   Shockwave logo   QuickTime logo

Legacy Applications

Plugins are legacy applications installed onto your computer to view and hear multimedia content. Not all plugins are supported by all browsers.

Unlike extensions, which are installed in your browser, plugins provide support and access to "helper" applications that are already installed on your computer.

The Technology is Changing

While plugins were once the main method of adding multimedia functionality to browsers, they have extensive vulnerabilities and their reign is ending.

But as open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web.

 

Today, most browser vendors are integrating capabilities once provided by plugins directly into browsers and deprecating plugins. — Adobe

Given that plugins tend to slow down your browsing experience, many of the plugins that were once considered mandatory, like Flash and Java, are now either no longer supported or disabled by default.

The internet is full of websites that go beyond static pages, such as video, sound and games. NPAPI plugins, especially Flash, have helped enable these interactive pages. But they also make your browsing slower, less secure and more likely to crash. — Mozilla

A sample audio control is shown below:

Source: Free Sounds (Public Domain)

HTML5 media controls are supported by all modern browsers and mobile devices but may be rendered differently.

Reader View Improves UX

Reader View improves user experience by removing page clutter like background images, ads and other distracting content. Text is presented in a readable font size on a white background.

Most current browsers support reader view including Firefox, Safari, Opera, Chrome and Microsoft Edge. Not all sites support reader view.

HTML5 Safer and Accessible

HTML5-based technology is now widely used because it is much safer and more accessible than traditional plugins.

The commercial media industry is undergoing a major transition as content providers move away from proprietary web plug-in based delivery mechanisms (such as Flash or Silverlight), and replace them with unified plug-in free video players that are based on HTML5 specifications and commercial media encoding capabilities.
Microsoft Edge Team

Unfortunately, big media companies have persuaded the W3C to incorporate DRM into HTML5, ensuring they can control what you watch and how you use it.

Source: Evgenia Kirpichnikova via Pexels.com

Learn more about how HTML5 is changing Web content and replacing plugins.

Return to top

PDF Readers

PDF is a format invented by Adobe that allows files to be viewed anywhere with the proper fonts regardless of the software it was created with.

Adobe Reader long provided access to online PDFs in browsers via a browser plugin.

Browsers Natively Display PDF Documents

Most modern browsers can now display PDF documents natively without plugins. Some features, like auto-fill, may not work.

  • Microsoft Edge and Google Chrome display PDFs plus allow you to fill in PDF forms before you save or print them.
  • Firefox has these capabilities starting with version 81.0.
  • Older versions of Firefox will display PDFs, but requires an external viewer to open a PDF document containing forms.

Acrobat logo

Adobe Reader

Adobe Reader traditionally provided access to online PDF documents via a browser plugin.

Unfortunately, Adobe Acrobat Reader has been flagged as a security vulnerability. Modern browsers now have built-in PDF viewers that don't require plugins.

Update Adobe Acrobat Reader

If Adobe Acrobat Reader is installed, be sure to update it regularly or uninstall it.

  • Many computers have obsolete (unsafe) versions installed.
  • Any version of Adobe Reader prior to the most recent version of Adobe Acrobat Reader DC is obsolete and unsafe.

Dedicated PDF Readers

Even though browsers have built-in capabilities, a dedicated PDF reader usually has more features than your browser can provide.

A dedicated PDF program like Adobe Reader or other PDF readers have many more capabilities. Professional PDF software like Able2Extract Pro or Nitro Pro add comprehensive editing capabilities.

Changing Windows 10 Defaults

Windows 10 default handler for PDFs is Microsoft Edge but you can change that.

Click on Start ⇒ Settings ⇒ Apps ⇒ Default apps then scroll down and click on choose default applications by file type. Wait for the options to load, then scroll down to .PDF and change the default option there.

 

Return to top

Adobe Flash Player

FlashPlayer logo

Flash Player's end of life is December 31st, 2020. In memory of Flash: 1996–2020.

Adobe will be removing Flash Player download pages from its site. Adobe will not issue Flash Player updates or security patches after the EOL Date.

 

We recommend that all users uninstall Flash Player before the EOL date. Users will be prompted by Adobe to uninstall Flash Player on their machines later this year and Flash-based content will be blocked from running in Adobe Flash Player after the EOL Date. — Adobe

Uninstall Flash

I strongly recommend that you uninstall flash. If installed, be sure to update it regularly.

Adobe Flash was the standard in creating animated clips and videos in the early days of the web. Back in the good 'ol days, it was a fan favorite for developers and designers alike, as it was very functional and easy to use.

 

But as technology progressed, Flash did not. This made it a prime target for hackers who saw Flash as an easy entry point. — ZoneAlarm

Many sites use Flash ONLY for advertising or tracking purposes. Enabling Flash invades your privacy without giving you anything of value in return.

Flash No Longer Viable

HTML5-based technology just works better than Flash and is safer.

  • Flash is not supported by any major browser.
  • Flash makes your computer more vulnerable to being infected and must be updated frequently to stay ahead of newly-discovered vulnerabilities.
  • Flash is a 32-bit plug-in which won't work in 64-bit browsers. 32-bit browsers and plugins slow down modern 64-bit operating systems.
  • Flash consumes a lot of energy and performs poorly, especially on mobile devices.
  • Like Java-based games, Flash games are being replaced with HTML5-based games.

Downloading & Updating Flash

Verifying Flash Version in Windows

Windows users can verify the Flash version for each type of installation by opening the Flash Player Settings Manager in Control Panel (search for “Control Panel”) then selecting the Updates tab.

There are three different Flash installers for Windows, each supported by the indicated browsers. The difference in the installer name is in bold (the version number will change as Flash is updated):

  1. ActiveX (Internet Explorer: installation not recommended): flashplayer32ax_xa_install.exe
  2. NPAPI (Firefox — no longer supported by Chrome and Opera): flashplayer32_xa_install.exe
  3. PPAPI (Chrome and Opera): flashplayer32pp_xa_install.exe

Internet Explorer is vulnerable enough without Flash so I don't recommend using it with or without Flash (nor does Microsoft).

NPAPI Plugins Unsafe

NPAPI-based Flash plugins make Windows insecure (see US-CERT Alert TA15-195A).

  • NPAPI Flash plugins are now blocked by Firefox.
  • Flash support will be completely removed from Firefox in early 2020.
  • NPAPI Flash plugins are no longer supported in Chrome or Opera.

PPAPI Plugins

Flash is handled differently in Chromium-based browsers. Opening the Flash Player Settings Manager in Control Panel will bring up the following notice:

The settings on this page are not applicable to Google Chrome or Chromium-based browsers (PPAPI).

 

Return to top

Shockwave Player

Shockwave logo

You should uninstall Shockwave Player.

  • Shockwave Player is obsolete, vulnerable and contains obsolete Flash components.
  • The recommendation is to update it regularly yet the March 2017 security update was the first since October 2015 (Flash has had over 15 updates since then).

Download Shockwave or Test Your Installation

I advise against installing Shockwave Player, but you should maintain it if you do.

 

Return to top

Java

Download Oracle® Java

Java Support Ending

Public updates for Oracle Java SE 8 will remain available for individual, personal use through at least the end of 2020. Public updates for Oracle Java SE 8 released after January 2019 will not be available for business, commercial or production use without a commercial license. — Oracle

Java Makes Your Computer Vulnerable

It has been known for some time that Java makes your computer vulnerable.

Remove Java if you don't need it (most people don't).

By uninstalling Java you can determine if it is really necessary. It can be quickly reinstalled if you really do need it.

If installed, be sure to frequently update Java and to ensure you remove older versions (you may need to manually remove these).

Browser Java Support Ended

Java plugins are now either unsupported or blocked by most browsers.

Online Gaming Sites

If you need to run Java or Flash for online gaming sites like Pogo.com, modern browsers no longer support either. These sites are moving away from both:

Java and Flash are two technologies that have powered Pogo games for many years, but they're no longer supported by most web browsers. Because of this, we're retiring some older Flash-based games from Pogo in March 2020. The rest of our Flash games will go away later in the year. — Pogo

Legacy Browsers

Internet Explorer may be your only remaining option for Java-based games despite IE's obvious shortcomings but, like other legacy browsers, this puts your computer at risk.

Seek Newer HTML5 Games

Newer HTML5-based games work without plugins. These are a safer alternative (Java and Flash games will soon be gone anyhow).

Download/Test Your Installation

Download Java | What is Java? | Verify your Java version.

More about Java installation and security.

 

Return to top

VLC Player

VLC Player

VLC Player, a free and open source cross-platform multimedia player and framework, plays almost all multimedia files as well as DVD, Audio CD, VCD, and various streaming protocols.

I strongly recommend VLC player rather than any of the alternatives, particularly for Windows. Uninstall QuickTime and RealPlayer.

 

Return to top

QuickTime

QuickTime logo

Uninstall QuickTime for Windows

QuickTime 7 for Windows is no longer supported by Apple and contains dangerous vulnerabilities. It should be uninstalled.

New versions of Windows since 2009 have included support for the key media formats, such as H.264 and AAC, that QuickTime 7 enabled. All current Windows web browsers support video without the need for browser plug-ins. — Apple Support

QuickTime for Mac

QuickTime is supported for macOS and iOS. Update to the latest version or uninstall it.

If you're using Quicktime Pro, save your registration key before uninstalling it.

Return to top

RealPlayer

RealPlayer logo

Uninstall RealPlayer

I recommend that you uninstall RealPlayer.

  • RealPlayer plugin has been flagged as unsafe by Firefox and Chrome.
  • RealPlayer has a shady history of spyware and nag screen.
In the 1990s, RealPlayer was a fundamentally ambitious piece of software. It set the groundwork for how we would come to consume media, and in many respects, we owe it a massive debt of gratitude. But it was also a fundamentally flawed piece of software, whose execution didn't quite do its lofty goals justice.

 

20 years later, little has changed. The ambition behind RealPlayer is still there, but this time round, it feels much less focused. Rather than do one thing badly, RealPlayer does many things badly.— Make Use Of

Two Versions

RealPlayer 20/20 and RealPlayer 18 are two different products. 20/20 adds people search, discover videos and celeb info.

Download/Test Your Installation

Apps are available for Windows 10, iOS and Android devices.

Features | FAQ | Get the App | Support.

 

Plugin Vulnerabilities

Out-of-date or misappropriated plugins leave you vulnerable and can make your browser unstable. As a result, many browsers now block dangerous plugins.

Adobe Reader, Flash & Java

Adobe Reader, Adobe Flash and Java have long been known to be vulnerable to exploits which makes our computers insecure.

The long-term examination carried out by AV-TEST…clearly shows that Adobe Reader, Adobe Flash and Java are together responsible for two thirds of the vulnerabilities in Windows systems exploited by malware.

 

Users who rarely update their software and use insufficient security software have virtually no chance when faced with specially prepared malware. — AV-TEST

Update Frequently

Check frequently for updates to installed plugins, removing obsolete or unused plugins. Few are supported by current browsers.

HTML5 Safer

Most current plugins have security issues that will be better addressed by newer technologies built into current and future browsers.

Mac & Linux User Now Insecure

Windows users have long been insecure. Mac and Linux, once thought to be immune, are now attacked by malware and exploits in the software. Reports like the following have been published since 2015:

The currently unpatched vulnerabilities reside in the Windows, Mac OS X, and Linux versions of the most recent versions of Flash and allow attackers to remotely execute malicious code. — Ars Technica

Java and Flash vulnerabilities mean Macs are no longer safe from security threats.

Unsafe Plugins Disabled By Default

Current versions of browsers like Firefox and Chrome disable unsafe plugins like Java and Flash.

Browsers can natively display PDFs. PDF plugins are no longer required.

NPAPI Plugins Deprecated

NPAPI-based plugins are disappearing. They are either unsupported or blocked by most browsers.

Beginning in Firefox version 52, support for NPAPI plugins in Firefox has ended, except for Adobe Flash.

 

Some of the plugins that will no longer load include Java, Microsoft Silverlight and Adobe Acrobat. — Mozilla Support

As a result, many of the traditional plugins are no longer available.

I recommend that you uninstall these vulnerable plugins:

 

Related Resources

Related resources on this site:

or check the resources index.


If these pages helped you,
buy me a coffee!


 

All trademarks, company names or logos used on this page are the property of their respective owners.

Return to top
RussHarvey.bc.ca/resources/plugins.html
Updated: October 15, 2020