Adobe Flash and PDF
Are utter shit. Remove.
When the Italian surveillanceware maker Hacking Team got hacked last month, the intruders unwittingly set the groundwork for a very interesting research project. Tracking the time from a vulnerability being found in some software to seeing it exploited in the wild is tricky – malware writers don't often publicize their …
"Just removing those three pieces of software alone probably makes you nearly immune to a large majority of the malware on the web."
It also makes you nearly unable to use many government websites - at least in Australia. Are you an accountant or business owner and need to connect to the ATO? Good luck doing that without Java.
The unfortunate truth is that there are HEAPS of websites, including 'cloud' services that use these technologies and we won't be rid of these menaces until those sites decide that client security must be their top priority and so rewrite their sites and applications.
The vulnerability was already known to the bad guys, and the software already developed, waiting for a prime time to use it.
Then when everyone and his dog learned of it via the dump, the attack was speedily deployed or auctioned to someone eager to use it, to get some value out of it before the hole was patched.
What? You don't think the smarter ones keep a war chest of exploits to use for special cases? We already know the spooks do.
That lasted for all of two days when word came down that too much business stuff was broken and we had to put it back. And they were right, too much business stuff was broken.
You've got website operators playing Captain Kirk on YOUR Enterprise: "Lower the shields Sulu. They'll think we're friendly and won't fire."
Yep! Not only did some of our critical websites absolutely require it (we did try to make an end run - unsuccessfully), but there was always some application some client needed badly that absolutely would not run without it!
So just having a browser capable of emulating Flash is not enough - this despicable rubbish has to be on the machine for things to work!