Outdated plug-ins and add-ons compromise the security and stability of Chrome and Firefox. Robert Irvine explains why and how you should remove them
FLASH
What's wrong with it?
Barely a week goes by without another security flaw being discovered in Flash, which leaves Adobe doing more patching than a patchwork-quilt factory. In 2012, the company had to introduce its own ‘Patch Tuesday-style monthly security update just to fix frequent vulnerabilities in Flash. And earlier this year, three serious ‘zero-day exploits’ (previously unknown security holes), which allowed hackers to infect your PC with Trojans, were discovered in the space of a month (bit.ly/flash369).
Add to this the well-known performance problems - such as Flash crashing and taking your browser with it - and it’s clear why you should opt out of this buggy old plug-in.
What can I use instead?
A lot of web content that once used Flash, such as videos, games and animations, is now rendered in HTML5, which is built into all modern browsers. YouTube recently announced that it was ditching Flash for HTML5, and Mozilla is developing a tool called Shumway that converts Flash content into HTML5. You can test Shumway by installing the add-on and trying the demos at mozilla.github.io/shumway, which include rendering this fearsome tiger.
How do I remove it?
Sadly, as some sites still use Flash, including BBC News, if you remove it, you won’t be able to see certain content. Instead, you should disable the plug-in and choose whether or not to run it when you encounter Flash. To do this in Chrome, go to Settings, ‘Show advanced settings’, Privacy and click ‘Content settings’. Scroll down to Plug-ins, select ‘Click to play’ and click Finished. In Firefox, go to Tools, Add-ons, Plugins and select ‘Ask to Activate’ next to Shockwave Flash.
JAVA
What's wrong with it?
Once regarded as a “key building block of the web”, Java has long served its purpose and, like Flash, its security vulnerabilities now make it more of a hindrance than a help. A few years ago, there was a significant increase in the number of malicious attacks targeting Java, and Oracle (the company that owns Java) was slow to patch known flaws. This led to Mozilla blocking Java in Firefox, and for security experts such as Graham Cluley to recommend that users disable the plug-in immediately (bit.ly/javaflaw369). Java has never really recovered from this bad publicity, and remains neglected by Oracle.
What can I use instead?
Nothing, and generally you shouldn’t need to unless you’re visiting a particularly old website or using a program that’s based on Java (which will run separately from your browser). One place you’ll use it without realising is on your Android phone, because Google's mobile operating system was written in the Java programming language, as are most Android apps.
How do I remove it?
As with Flash, you can choose to run Java only when you need it, but it’s best to disable it altogether. In Firefox, go to Tools, Addons, Plugins and choose ‘Never activate’ next to the Java entries; and in Chrome, type chrome:plugins into the address bar, press Enter and disable Java from there.
SILVERLIGHT
What's wrong with it?
Once touted as Microsoft’s more versatile alternative to Flash, Silverlight unfortunately replicated some of the same problems as Adobe’s plug-in, being slow to load, prone to crash and delivering less than perfect video playback. However, that hasn’t stopped many big names from using Silverlight, including Netflix (until 2013), Amazon (for Prime Instant Video) and, of course, Microsoft itself, including in Bing Maps. But with the last new version released four years ago and Windows 8 supposed to herald a new “plug-in free” era, it seems that Silverlight is on its way out.
What can I use instead?
Like Flash, Silverlight is gradually being phased out in favour of HTML5, with reports suggesting that Microsoft will drop support altogether by 2021. This means that you’re less likely to need the plug-in than a few years ago.
How do I remove it?
You can either run Silverlight only when you need it by choosing ‘Click to play’ or ‘Ask to Activate’, or disable it altogether, on your browser’s Plug-ins page. Alternatively, you can choose precisely which sites can display Silverlight content. Type Silverlight into your Start menu or screen, press Enter, then click the Permissions tab and click Allow or Deny for all listed sites.
HOVER ZOOM
What's wrong with it?
With more than 1.3 million users, the image-enlargement tool Hover Zoom is probably the most popular Chrome extension to turn to the dark side. As it states on its page on the Chrome Web Store, you're now required to grant the extension permission “to collect browsing activity to be used internally and shared with third parties”, which should immediately set alarm bells ringing. Hover Zoom is regarded as adware by the security tool Extension Defender (www.extensiondefender.com), because the data it collects (albeit anonymously) can be used to target you with ads.
What can I use instead?
If you find Hover Zoom useful but don’t like the idea of being spied on, you can stop it collecting data by going into the add-on’s Options and deselecting the option ‘Enable anonymous usage statistics’. If you still don’t trust it, switch to Hover Zoom+ (bit.ly/hoverzoomplus369), which proudly proclaims itself to be a “spyware-free version of Hover Zoom” and works in exactly the same way.
How do I remove it?
It’s easy to get rid of Hover Zoom, and it won’t leave any traces of adware behind. Just right-click its icon on the toolbar and select ‘Remove from Chrome’. Alternatively, click the menu button, choose ‘More tools’, Extensions, then scroll down to the Hover Zoom entry and click the dustbin icon next to it.
SITEADVISOR
What's wrong with it?
There once was a time when McAfee SiteAdvisor was an essential security tool, but it now feels like a bloated memory guzzler that slows down your browser and displays scary red warning messages on perfectly safe sites. McAfee clearly thinks SiteAdvisor is past it, too, because it recently renamed the add-on WebAdvisor and gave it a new look that ditches the cumbersome old toolbar. However, at the time of writing, the transition was still in progress, meaning that SiteAdvisor is still widely available across the web.
What can I use instead?
There are several good alternatives to SiteAdvisor, which work in a similar way but are less heavy-handed and don’t patronise you with warnings saying: “Whoa! Are you sure you want to go there?”. The best is probably WOT (Web of Trust, www.mywot.com), which is available for Chrome, Firefox and Internet Explorer, and protects you from scams, untrustworthy links and dodgy stores, as rated by its community. We also like Bitdefender’s TrafficLight tool (bit.ly/traffic369), which scans links (including ones posted on Facebook and Twitter) for malware, trackers and phishing attacks, and forewarns you before you click them.
How do I remove it?
As well as disabling or removing the SiteAdvisor add-on in your browser, and resetting your search engine, you should uninstall it through the Control Panel in Windows. You may need to restart your PC to complete the removal.