Feeds

Microsoft Flash FLIP-FLOP: it's now IE10 default for Win8, WinRT

Only 4% of sites still considered off-limits

Internet Security Threat Report 2014

Updated Microsoft has had an apparent change of heart with regard to Adobe Flash content on Windows 8 and Windows RT: it has announced that it will now allow most Flash content to run by default in Internet Explorer 10 on both operating systems.

"We believe having more sites 'just work' in IE10 improves the experience for consumers, businesses, and developers," Rob Mauceri, Microsoft's group program manager for IE, said in a blog post on Monday.

Previously, Microsoft had only allowed Flash content to be displayed by those sites listed in the "Flash" whitelist section of IE10's Compatibility View (CV) list. Beginning on Tuesday, the whitelist restriction will be lifted, and only those sites listed in the "No Flash" blacklist section of the CV will have their Flash content blocked.

As before, the restrictions on Flash chiefly apply to the version of IE10 that runs in The Interface Formerly Known as Metro (TIFKAM). The desktop version of IE10 for Windows 7 and 8 has always been able to run all Flash content by default, and still can.

That's no consolation for users of Surface and other Windows RT devices, however, since the desktop version of IE10 for Windows RT also blocks Flash using the CV, just like the TIFKAM version does. And even Windows 8 defaults to the TIFKAM version of the browser; users must explicitly configure IE to run on the desktop, and it's cumbersome to switch between the two modes.

So why this newfound largesse toward the oft-maligned Adobe tech? According to Mauceri, it's because developers across the entire web have been working hard to get their Flash apps shipshape enough for Microsoft's browser, by improving their content's performance, touch responsiveness, and power consumption.

"Of the thousands of domains tested for Flash compatibility to date, we have found fewer than 4 per cent are still incompatible," Mauceri writes, adding that most of those sites were flagged because they required other ActiveX controls in addition to Flash.

Such controls are strict no-no's for the TIFKAM version of IE10, which Microsoft has set out to make a "plug-in–free" experience for users. With the touch-centric version of the browser, even the Flash Player is an integrated component, rather than a plug-in.

That means it's up to Microsoft, rather than Adobe, to provide patches and security fixes for the version of Flash that's bundled with IE10. This led to some uproar early on, when Microsoft lagged behind Adobe in fixing Flash vulnerabilities.

These days, however, Adobe has synchronized its own Flash patching schedule with Microsoft's Patch Tuesdays, and the two companies are working closely to manage Flash security on the Windows platform – which could help to explain Redmond's decision to ease its restrictions on Flash content.

Still more significant, perhaps, is that Microsoft has been the only vendor to block Flash content from its browser without giving users a way to opt out of the blacklist. That may be a decision it has come to regret, particularly in the case of Windows RT devices, for which no alternative browsers are available.

"As a practical matter, the primary device you walk around with should give you access to all the Web content on the sites you rely on. Otherwise, the device is just a companion to a PC," Mauceri observes. 

Also beginning on Tuesday, Microsoft's modern.IE web testing suite will add a new tool that will tell developers whether their sites are among the unlucky 4 per cent that are still stuck on the IE10 CV blacklist. If your sites are, this document explains how to get them off it. ®

Update

An earlier version of this article said that Windows RT does not ship with a desktop version of IE10. That's not true – it's just that unlike on Windows 8, the Flash-blocking feature on Windows RT worked the same for the desktop browser as for the TIFKAM browser, so there was no way to avoid it. The restrictions for both browsers will be loosened on Tuesday, as described. We regret the error.

Beginner's guide to SSL certificates

More from The Register

next story
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?