Windows IT Pro
Connect With Us
Home > Windows > Microsoft Flip-Flop Fixes Flash

Microsoft Flip-Flop Fixes Flash

Mar. 11, 2013 Paul Thurrott | Windows IT Pro

In a surprising announcement, Microsoft said this week that it will completely reverse its support for Adobe’s Flash technology in Internet Explorer (IE) 10, a decision that affects the “Metro” versions of the browser in Windows 8 and Windows RT, as well as the desktop version of IE. Now, instead of maintaining a white list of trusted Flash sites, Microsoft will provide IE 10 with a black list of untrusted and unsafe Flash sites.

The changes are coming as part of the firm’s regular “Patch Tuesday” set of updates.

“We are updating Internet Explorer 10 in Windows 8 and Windows RT to enable Flash content to run by default,” Microsoft Group Program Manager Rob Mauceri explains in a post to the IEBlog. “On Windows 8, all Flash content continues to be enabled for IE on the desktop.”

Rafael Rivera, my Windows 8 Secrets co-author, and I first wrote about Microsoft’s then-surprising decision to include some Flash support in the Metro version of IE 10 back in May 2012, in "Windows 8 Secrets: Internet Explorer 10 will Ship with Adobe Flash." Microsoft had previously pledged to keep Flash out of the Metro version of the browser and focus instead on HTML 5 video delivery.

Before IE 10, users could add support for Flash to the browser using a plug-in. And although that’s still true for the desktop version of the browser in Windows 8, IE 10 “Metro” is unique in that a subset of Flash is integrated directly into the product. But to protect the battery life, performance, and security of Windows 8 and Windows RT, this Flash version was allowed to access only certain sites via a white list called the Compatibility View list.

Microsoft’s various Flash flip-flops were all well intentioned, but with Windows 8 and Windows RT out in the world now, users often complained about favorite sites not working properly with the Metro version of IE 10. And according to the firm, its overly protective stance is no longer warranted.

“Looking at our engineering experience with Flash and Windows 8 and Windows RT, as developers improve their Flash content, the vast majority of sites with Flash content that we have tested are now compatible with the Windows experience goals,” Mauceri wrote. “Of the thousands of domains tested for Flash compatibility to date, we have found fewer than 4 percent are still incompatible, in the most part because the core site experience requires other ActiveX controls in addition to Flash … With today’s update to Windows 8 and Windows RT, consumers can experience more of the Web by default.”

Microsoft has provided updated guidance for web developers who wish to implement Flash on websites accessed in Windows 8 or Windows RT. This guidance notes that the Compatibility View list has changed to a black list used to block Flash content from executing inside IE 10, and explains the process developers can undergo to request that offending sites be removed from the list.

Related: "How to Fix Windows RT"

Discuss this Article 7

Waethorn
on Mar 12, 2013
@Vinny: And what happens when some ad network changes their policy to start allowing Flash-based ads where they already sell ads to anyone and everyone with checking the content of those ads? Malware writers already take advantage of those ad networks by distributing malicious Flash exploits to thousands of websites at a time. It's almost impossible to automatically filter any malicious Flash content since the content is in binary format. At least with HTML ads, you can filter malicious JavaScript exploits because the code is easily readable. With Flash, you'd have to route the program through some kind of antivirus scanner that has definitions for Flash-based malware. No sir, I would say it's better to just maintain a safe list than to have to keep up with advertisers policies and such. It's far more secure too. If done properly, it would take no more work than a proper block list, but then again, Microsoft is probably just going to sloth the whole thing and just let users report bad websites so they don't have to do any leg work.
roncerr
on Mar 17, 2013

"With Flash, you'd have to route the program through some kind of antivirus scanner that has definitions for Flash-based malware." Not necessarily, just use hosts file blocking; keeps the good, removes the bad and annoying stuff: http://winhelp2002.mvps.org/hosts.htm
And if you are using Windows 8 with Defender, be sure to follow the instructions in the last paragraph here: http://www.ghacks.net/2012/08/19/you-cant-block-facebook-using-windows-8s-hosts-file/ (so that Defender won't mess with it).

dregourd
on Mar 12, 2013
Another proof, if needed, that shows that Microsoft is now running after the troup, like the fat boy in "Here comes the double decker"!
jabber_wolf
on Mar 12, 2013
The point of MS allowing this, is that we now have CHOICE to allow flash or not. Its like the Nazi youth when the people above tell you whats good for you, and take that choice away, you guys exclaim HEIL !! Pretty much that's the Apple sheep calling.
jkohut
on Mar 12, 2013
Shows that HTML5 is no where near ubiquitous enough or mature enough to replace Flash. Smart move by Microsoft to not alienate any more users by making Flash ANOTHER reason to move away from Windows.
vhaakmat
on Mar 12, 2013
Far easier to identify the bad flash sites, you absolutely know that are malicious, than the good ones. Why didn't they think of that before? As a software developer that's the way I would solve this dilemma from day one. You don't try to figure out the good 96%, but zero in on the bad 4%
spdickey
on Mar 22, 2013

Then MS goes ahead and issues a black list that included twit.tv. You can still view the recorded webcasts via HTML5 redirects. But the live stream is flash only at live.twit.tv. At least there is a TWiT app for Windows 8 "metro" that serves as a good work around for the live stream.

Please or Register to post comments.

Related Articles
Upcoming Training

Mastering System Center 2012

During over 6 hours of training you can join John Savill from your computer as he will walk you through the key components and capabilities of System Center 2012, what’s involved in using the components, and the benefit they can bring to your environment.

Register Now

Current Issue

May 2013 - The NameTranslate object is useful when you need to translate Active Directory object names between different formats, but it's awkward to use from PowerShell. Here's a PowerShell script that eliminates the awkwardness.

CURRENT ISSUE / ARCHIVE / SUBSCRIBE

Windows Forums

Get answers to questions, share tips, and engage with the Windows Community in our Forums.

Featured Products
Windows 8 Tips
Windows 8 Tips

You’ve been told that Microsoft has somehow compromised the beloved desktop environment and ruined it with Metro...

VIP - Premium Membership
For the IT Professional that needs access to training, premium content, discounts, and more, joining our VIP group just...
Testing with Visual Studio 2012

June 25th
Presented by: Brian Minisi

EARLY BIRD DISCOUNT -...

View CatalogView Shopping Cart

WindowsITPro.com
Related Sites
Copyright © 2013 Penton Media, Inc