Outdated plug-ins and add-ons compromise the security and stability of Chrome and Firefox. Robert Irvine explains why and how you should remove them.
Barely a week goes by without another security flaw being discovered in Flash, which leaves Adobe doing more patching than a patchwork-quilt factory. In 2012, the company had to introduce its own ‘Patch Tuesday-style monthly security update just to fix frequent vulnerabilities in Flash. And earlier this year, three serious ‘zero-day exploits’ (previously unknown security holes), which allowed hackers to infect your PC with Trojans, were discovered in the space of a month.
Add to this the well-known performance problems – such as Flash crashing and taking your browser with it – and it’s clear why you should opt out of this buggy old plug-in.
A lot of web content that once used Flash, such as videos, games and animations, is now rendered in HTML5, which is built into all modern browsers. YouTube recently announced that it was ditching Flash for HTML5, and Mozilla is developing a tool called Shumway that converts Flash content into HTML5. You can test Shumway by installing the add-on and trying the demos at mozilla.github.io/shumway, which include rendering this fearsome tiger.
Sadly, as some sites still use Flash, including BBC News, if you remove it, you won’t be able to see certain content. Instead, you should disable the plug-in and choose whether or not to run it when you encounter Flash. To do this in Chrome, go to Settings, ‘Show advanced settings’, Privacy and click ‘Content settings’. Scroll down to Plug-ins, select ‘Click to play’ and click Finished. In Firefox, go to Tools, Add-ons, Plugins and select ‘Ask to Activate’ next to Shockwave Flash.
Once regarded as a “key building block of the web”, Java has long served its purpose and, like Flash, its security vulnerabilities now make it more of a hindrance than a help. A few years ago, there was a significant increase in the number of malicious attacks targeting Java, and Oracle (the company that owns Java) was slow to patch known flaws. This led to Mozilla blocking Java in Firefox, and for security experts such as Graham Cluley to recommend that users disable the plug-in immediately. Java has never really recovered from this bad publicity, and remains neglected by Oracle.
Nothing, and generally you shouldn’t need to unless you’re visiting a particularly old website or using a program that’s based on Java (which will run separately from your browser). One place you’ll use it without realizing is on your Android phone, because Google’s mobile operating system was written in the Java programming language, as are most Android apps.
As with Flash, you can choose to run Java only when you need it, but it’s best to disable it altogether. In Firefox, go to Tools, Addons, Plugins and choose ‘Never activate’ next to the Java entries; and in Chrome, type chrome:plugins into the address bar, press Enter and disable Java from there.
Once touted as Microsoft’s more versatile alternative to Flash, Silverlight unfortunately replicated some of the same problems as Adobe’s plug-in, being slow to load, prone to crash and delivering less than perfect video playback. However, that hasn’t stopped many big names from using Silverlight, including Netflix (until 2013), Amazon (for Prime Instant Video) and, of course, Microsoft itself, including in Bing Maps. But with the last new version released four years ago and Windows 8 supposed to herald a new “plug-in free” era, it seems that Silverlight is on its way out.
Like Flash, Silverlight is gradually being phased out in favor of HTML5, with reports suggesting that Microsoft will drop support altogether by 2021. This means that you’re less likely to need the plug-in than a few years ago.
You can either run Silverlight only when you need it by choosing ‘Click to play’ or ‘Ask to Activate’, or disable it altogether, on your browser’s Plug-ins page. Alternatively, you can choose precisely which sites can display Silverlight content. Type Silverlight into your Start menu or screen, press Enter, then click the Permissions tab and click Allow or Deny for all listed sites.
With more than 1.3 million users, the image-enlargement tool Hover Zoom is probably the most popular Chrome extension to turn to the dark side. As it states on its page on the Chrome Web Store, you’re now required to grant the extension permission “to collect browsing activity to be used internally and shared with third parties”, which should immediately set alarm bells ringing. Hover Zoom is regarded as adware by the security tool Extension Defender (www.extensiondefender.com), because the data it collects (albeit anonymously) can be used to target you with ads.
If you find Hover Zoom useful but don’t like the idea of being spied on, you can stop it collecting data by going into the add-on’s Options and deselecting the option ‘Enable anonymous usage statistics’. If you still don’t trust it, switch to Hover Zoom+, which proudly proclaims itself to be a “spyware-free version of Hover Zoom” and works in exactly the same way.
It’s easy to get rid of Hover Zoom, and it won’t leave any traces of adware behind. Just right-click its icon on the toolbar and select ‘Remove from Chrome’. Alternatively, click the menu button, choose ‘More tools’, Extensions, then scroll down to the Hover Zoom entry and click the dustbin icon next to it.
There once was a time when McAfee SiteAdvisor was an essential security tool, but it now feels like a bloated memory guzzler that slows down your browser and displays scary red warning messages on perfectly safe sites. McAfee clearly thinks McAfee SiteAdvisor is past it, too, because it recently renamed the add-on mcafee webadvisor and gave it a new look that ditches the cumbersome old toolbar. However, at the time of writing, the transition was still in progress, meaning that McAfee SiteAdvisor is still widely available across the web.
There are several good alternatives to McAfee SiteAdvisor, which work in a similar way but are less heavy-handed and don’t patronise you with warnings saying: “Whoa! Are you sure you want to go there?”. The best is probably WOT (Web of Trust, www.mywot.com), which is available for Chrome, Firefox and Internet Explorer, and protects you from scams, untrustworthy links and dodgy stores, as rated by its community. We also like Bitdefender’s TrafficLight tool, which scans links (including ones posted on Facebook and Twitter) for malware, trackers and phishing attacks, and forewarns you before you click them.
As well as disabling or removing the McAfee SiteAdvisor add-on in your browser, and resetting your search engine, you should uninstall it through the Control Panel in Windows. You may need to restart your PC to complete the removal.