The modularization was a security nightmare. These plugins needed elevated privileges, a d they all needed to handle security themselves, and as I hope you are aware, Flash was atrocious with security.
Having a single “plugin” system means you only need to keep that one system secure. That’s hard enough as it is, but it’s at least tractible. And modern browsers have done a pretty good job securing the javascript sandbox.
That was better back then, people had realistic expectations
I don’t think that’s true. I think there just weren’t as many attacks because there weren’t as many internet users. Yet I also remember getting viruses all the time (at least once/year) because of some vulnerability or another, and that’s with being careful.
You should take off those rose colored glasses.
I appreciate that people not knowing as much about security is problematic, but that’s because the average person is far more secure than they were even 10 years ago. Getting a virus is pretty rare these days, Microsoft has really stepped up their game with Wndows and browsers have as well. I haven’t worried about getting a virus for many years now, and that’s thanks to the proactive security work in sandboxing and whatnot that limits exploits.
A lot of the scams and whatnot these days either attack outdated systems (esp. insecure routers running default creds) or merely use social engineering because you can’t simply use an off-the-shelf flash exploit or something to get privilege escalation to install your malware. Attacks certainly exist, but they’re far less common than they were 10-20 years ago as people started being online constantly.
those plugins being disabled by default
Yes, I am annoyed at JavaScript being enabled constantly and not having fine-grained control over specific permissions (mostly just location, mic, camera, and storage).
Unfortunately, that ship has sailed. But I still very much prefer the modern “everything uses JavaScript” to the old insecure Flash and Java applets.
The modularization was a security nightmare. These plugins needed elevated privileges, a d they all needed to handle security themselves, and as I hope you are aware, Flash was atrocious with security.
Those - yes. But generally something running on a page receiving keystrokes when selected and drawing in a square and interpreting something can be done securely.
And modern browsers have done a pretty good job securing the javascript sandbox.
One can have such a sandbox for some generic bytecode separated from everything else on the page. Would be “socially” same as then, technically better.
The modularization was a security nightmare. These plugins needed elevated privileges, a d they all needed to handle security themselves, and as I hope you are aware, Flash was atrocious with security.
Having a single “plugin” system means you only need to keep that one system secure. That’s hard enough as it is, but it’s at least tractible. And modern browsers have done a pretty good job securing the javascript sandbox.
I don’t think that’s true. I think there just weren’t as many attacks because there weren’t as many internet users. Yet I also remember getting viruses all the time (at least once/year) because of some vulnerability or another, and that’s with being careful.
You should take off those rose colored glasses.
I appreciate that people not knowing as much about security is problematic, but that’s because the average person is far more secure than they were even 10 years ago. Getting a virus is pretty rare these days, Microsoft has really stepped up their game with Wndows and browsers have as well. I haven’t worried about getting a virus for many years now, and that’s thanks to the proactive security work in sandboxing and whatnot that limits exploits.
A lot of the scams and whatnot these days either attack outdated systems (esp. insecure routers running default creds) or merely use social engineering because you can’t simply use an off-the-shelf flash exploit or something to get privilege escalation to install your malware. Attacks certainly exist, but they’re far less common than they were 10-20 years ago as people started being online constantly.
Yes, I am annoyed at JavaScript being enabled constantly and not having fine-grained control over specific permissions (mostly just location, mic, camera, and storage).
Unfortunately, that ship has sailed. But I still very much prefer the modern “everything uses JavaScript” to the old insecure Flash and Java applets.
Those - yes. But generally something running on a page receiving keystrokes when selected and drawing in a square and interpreting something can be done securely.
One can have such a sandbox for some generic bytecode separated from everything else on the page. Would be “socially” same as then, technically better.