Twitter is getting a lot of action today about a CNET article highlighting security concerns with Flash content running on web sites.
I’m not a security expert nor a Flash developer, so I won’t comment on the technical aspects of the warning. At first glance, it looks like web conferencing applications shouldn’t be a problem… The concern is for malicious Flash applications specifically built to be run on their own in a web browser and possibly camouflaged inside other things such as images.
But the “shot across the bow” comes near the end of the article where the interviewed security expert, Mike Bailey, says “users should disable Flash completely or use NoScript, a browser plug-in that blocks Flash and Java from untrusted sites.”
Flash is becoming a much more common base platform for web conferencing technologies. Vendors like it because they don’t have to make multiple versions for different operating systems and it can significantly speed and ease access times and operations compared to computer-installed applications (such as WebEx or Live Meeting client installs). Connect Pro, omNovia, ON24, VoxWire, and many others have made big investments in running their web conferencing packages as Flash applications.
The typical quote that all these vendors rely on is Adobe’s assertion that 98-99 percent of all Internet-connected computers already have the Flash Player installed and ready to use. But if companies start turning off access to Flash content as a standard security measure, web conferences are going to turn into tech support nightmares. If you rely on Flash and a presenter or attendee can’t run Flash, they are out of luck. There is no fallback workaround.
I’ve run into isolated instances of Flash-blocked webinar attendees in the past. This is particularly prevalent in high security locations such as medical and financial organizations. Their only solution is to move to another computer outside the security restrictions of their organization. And that doesn’t go over very well when you are trying to reach a business worker in the middle of her work day.
If IT departments decide to take the safe and easy route – just block all Flash so we don’t have to worry about it – there are a lot of web conference vendors and users who are going to be in a world of hurt. I’ll be keeping my eye on developments.
By Ken Molay, president of Webinar Success
Originally posted on The Webinar Blog