They're programmes found on almost every computer, but recent global security warnings about them have left many people wondering if they can be de-installed or whether it's wise to do so. Adobe's Flash Player and Oracle's Java are what experts call utilities, because they support the operation of other applications.
Both software packages may be security risks, and can sometimes be nuisance factors.
"Flash is an addition for the browser that gives web designers more creative opportunities," explains Andreas Paul of the computer science department at Munich Technical University.
As a so-called plug-in, Flash allows the browser to show animations. Above all Flash is important for playing videos - for a long time it was impossible to play YouTube videos without it.
Java on the other hand isn't a programme, but a widely used programming language. Developers like it because a programme written in Java can easily run on Windows machines, Macs and other platforms, the only requirement being that the Java Runtime Environment (JRE) is installed.
There are also Java applications for the browser, so-called applets, but they're rarely seen anymore, Paul says.
It should not be confused with Javascript, which - despite the name - has nothing to do with Java and is found on almost every website. This is a scripting language that web designers use for things like drop-down menus and other dynamic elements.
No software or plug-in has to be installed for Javascript to run.
Even though they function differently, JRE and Flash have one thing in common: "Flash and Java are relatively old technology, the security mechanisms of which have evolved over many years and are therefore very complex," says Eric Bodden, a professor at the Technical University in Darmstadt, Germany.
In the case of Java, the code base is very extensive and therefore difficult to maintain.
"It's no wonder that more and more flaws arise that can lead to security vulnerabilities," Bodden says.
The problem is that a Flash browser plug-in for Chrome or Firefox theoretically gains the same extensive access rights to the computer as the browser itself. "Criminals can use these vulnerabilities, for example, to plant malware on your computer via a manipulated website," according to Bodden.
Around these security vulnerabilities and patches, a kind of arms race has developed between hackers and developers. Users are constantly bombarded with notices to update Flash and Java.
These can be irritating, but shouldn't be ignored: "Whoever uses Flash and Java should install any updates immediately," Bodden warns.
However, it's also possible to do without these utilities completely. That's particularly true of Flash, according to Hajo Schultz from German computer magazine c't: "What Flash can do, Javascript can do also."
Today, web designers don't need any additional programs to make their sites colourful and dynamic. There are also other technologies for playing videos, in particular HMTL5, and YouTube now operates without the need for plug-ins.
Which doesn't mean that Flash has disappeared just yet. If users are worried about its security, they can go into their browser settings to switch it off or choose "Click to Play" in the plug-in's settings - then the browser will only use Flash when the user authorises it with a mouse click. This is a good protection against compromised websites. Doing without Java is not so easy.
"That does have a right to exist outside the browser," says Schultz. However, a trial de-installation can be worth trying. Even applications that require Java often only need it for certain limited functions.
Comments
Comments are closed.