Microsoft’s Security Staff on Monday announced that they have made the decision of keeping Adobe Flash Player as default in both the Internet Explorer 11 and Microsoft Edge browsers in Windows 10.
Adobe Flash Player to remain on IE & Edge
Adobe Flash Player is quickly taking over Java as the primary target for trojan attacks and phishing since the past few years. After accounting for almost half of object detections during some quarters in 2014, Java applets on malicious pages decreased to negligible levels by the end of 2015, owing to a number of changes that have been made to both Java and Internet Explorer over the past two years.
In 2014, most browsers took the initiative to abandon Java as the default program. With all these strict measures against Java attacks, infectors shifted onto Adobe Flash Player as their next target.
Windows 10’s default browser, Microsoft Edge, does not support Java or Active X at all, and other browsers like Google’s Chrome and Mozilla’s Firefox are doing the same.
Real-time security software can implement IExtension Validation to block ActiveX controls from loading malicious pages. When Internet Explorer loads a webpage that includes ActiveX controls, the browser calls the security software to scan the HTML and script content on the page before loading the controls themselves, said Microsoft.
While this graph seems worrisome for most developers working with Flash Player as the default, it is important to note that keeping the software updated is the key to avoiding such attacks in the future. The company gives an explanation that Adobe can’t be removed like Java was, and must be used till a good replacement is found.