Feeds

Microsoft Flash FLIP-FLOP: it's now IE10 default for Win8, WinRT

Only 4% of sites still considered off-limits

Combat fraud and increase customer satisfaction

Updated Microsoft has had an apparent change of heart with regard to Adobe Flash content on Windows 8 and Windows RT: it has announced that it will now allow most Flash content to run by default in Internet Explorer 10 on both operating systems.

"We believe having more sites 'just work' in IE10 improves the experience for consumers, businesses, and developers," Rob Mauceri, Microsoft's group program manager for IE, said in a blog post on Monday.

Previously, Microsoft had only allowed Flash content to be displayed by those sites listed in the "Flash" whitelist section of IE10's Compatibility View (CV) list. Beginning on Tuesday, the whitelist restriction will be lifted, and only those sites listed in the "No Flash" blacklist section of the CV will have their Flash content blocked.

As before, the restrictions on Flash chiefly apply to the version of IE10 that runs in The Interface Formerly Known as Metro (TIFKAM). The desktop version of IE10 for Windows 7 and 8 has always been able to run all Flash content by default, and still can.

That's no consolation for users of Surface and other Windows RT devices, however, since the desktop version of IE10 for Windows RT also blocks Flash using the CV, just like the TIFKAM version does. And even Windows 8 defaults to the TIFKAM version of the browser; users must explicitly configure IE to run on the desktop, and it's cumbersome to switch between the two modes.

So why this newfound largesse toward the oft-maligned Adobe tech? According to Mauceri, it's because developers across the entire web have been working hard to get their Flash apps shipshape enough for Microsoft's browser, by improving their content's performance, touch responsiveness, and power consumption.

"Of the thousands of domains tested for Flash compatibility to date, we have found fewer than 4 per cent are still incompatible," Mauceri writes, adding that most of those sites were flagged because they required other ActiveX controls in addition to Flash.

Such controls are strict no-no's for the TIFKAM version of IE10, which Microsoft has set out to make a "plug-in–free" experience for users. With the touch-centric version of the browser, even the Flash Player is an integrated component, rather than a plug-in.

That means it's up to Microsoft, rather than Adobe, to provide patches and security fixes for the version of Flash that's bundled with IE10. This led to some uproar early on, when Microsoft lagged behind Adobe in fixing Flash vulnerabilities.

These days, however, Adobe has synchronized its own Flash patching schedule with Microsoft's Patch Tuesdays, and the two companies are working closely to manage Flash security on the Windows platform – which could help to explain Redmond's decision to ease its restrictions on Flash content.

Still more significant, perhaps, is that Microsoft has been the only vendor to block Flash content from its browser without giving users a way to opt out of the blacklist. That may be a decision it has come to regret, particularly in the case of Windows RT devices, for which no alternative browsers are available.

"As a practical matter, the primary device you walk around with should give you access to all the Web content on the sites you rely on. Otherwise, the device is just a companion to a PC," Mauceri observes. 

Also beginning on Tuesday, Microsoft's modern.IE web testing suite will add a new tool that will tell developers whether their sites are among the unlucky 4 per cent that are still stuck on the IE10 CV blacklist. If your sites are, this document explains how to get them off it. ®

Update

An earlier version of this article said that Windows RT does not ship with a desktop version of IE10. That's not true – it's just that unlike on Windows 8, the Flash-blocking feature on Windows RT worked the same for the desktop browser as for the TIFKAM browser, so there was no way to avoid it. The restrictions for both browsers will be loosened on Tuesday, as described. We regret the error.

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.