Browsers have a few different plugins that a majority of people use. When reviewing the security of web browsers, the weak link is usually these plugins. Now there are three in specific that are generally the largest culprit: Java, Flash and Adobe Reader. Adobe Flash has had over 50 severe bugs in 2014 and over 75 in the first half of 2015. Acrobat Reader had over 30 in 2014 and 50 in the first half of 2015, all considered severe. Java is rarely used anymore in web applications, and Flash is being phased out fairly significantly these days. However, many browsers have these plugins installed and active. I recently decided to disable Java, Flash and Adobe Reader.
I’m going to assume you are using a popular browser. Internet Explorer has been shamed out of existence, and Microsoft recently announced a more aggressive strategy to stop supporting older versions. This is a significant step forward they should have taken years ago. Historically, IE had a lot of security issues but they have been working hard in recent years to help rectify that and improve performance. However, most average and power users are using Google Chrome, Firefox or Safari.
By disabling additional plugins, I feel significantly safer on the internet. But how much of an inconvenience and disruptive experience does this cause? As it turns out, not much. The largest impact is with Adobe Flash, and mainly it is websites that rely on Flash to play videos. In these scenarios, you simply have to right click on the plugin area and select “Run This Plugin”.
You can also enable plugins in the top toolbar using blocked plugin indicator icon.
They also have the option to remember to allow the Flash plugin in the future on specific sites which helps make it more convenient. By leaving it set to manual activation, Additionally, I enjoy the security from knowing that other hidden or small Flash elements are not automatically running if I opt to activate them on demand when I see it is needed.
Sometimes an invisible Flash component, or one disguised as an ad, is used to infect your computer. This can happen on trusted sites where the website owner doesn’t even know. By having the plugin disabled, it never gets activated or run. Only the one component I want to run gets activated when I explicitly tell it to run.
When measuring the convince vs. security improvements, I think it is worth it to disable additional plugins like Java, Flash, and Adobe Reader.
The only time Adobe Reader has been an inconvenience is when I click to open a PDF. It usually opens in its own tab and then I just manually activate it. Since I’m expecting a PDF, it is safer than some PDF that might have been embedded or forced open by a malicious page.
I’d also disable Microsoft Silverlight if you have it installed and enabled.
Disabling plugins can also help prevent you from being tracked by super-cookies.
If you are a moderately savvy tech user, go to your browsers settings and disable these additional plugins. These technologies are being phased out and by disabling them, you will quickly become more aware of the sites you use which are using these outdated technologies. It may just keep you safer in the end.
Please leave feedback of your experience disabling them and why it works or doesn’t work well for you!