Feeds

Microsoft Flash FLIP-FLOP: it's now IE10 default for Win8, WinRT

Only 4% of sites still considered off-limits

Choosing a cloud hosting partner with confidence

Updated Microsoft has had an apparent change of heart with regard to Adobe Flash content on Windows 8 and Windows RT: it has announced that it will now allow most Flash content to run by default in Internet Explorer 10 on both operating systems.

"We believe having more sites 'just work' in IE10 improves the experience for consumers, businesses, and developers," Rob Mauceri, Microsoft's group program manager for IE, said in a blog post on Monday.

Previously, Microsoft had only allowed Flash content to be displayed by those sites listed in the "Flash" whitelist section of IE10's Compatibility View (CV) list. Beginning on Tuesday, the whitelist restriction will be lifted, and only those sites listed in the "No Flash" blacklist section of the CV will have their Flash content blocked.

As before, the restrictions on Flash chiefly apply to the version of IE10 that runs in The Interface Formerly Known as Metro (TIFKAM). The desktop version of IE10 for Windows 7 and 8 has always been able to run all Flash content by default, and still can.

That's no consolation for users of Surface and other Windows RT devices, however, since the desktop version of IE10 for Windows RT also blocks Flash using the CV, just like the TIFKAM version does. And even Windows 8 defaults to the TIFKAM version of the browser; users must explicitly configure IE to run on the desktop, and it's cumbersome to switch between the two modes.

So why this newfound largesse toward the oft-maligned Adobe tech? According to Mauceri, it's because developers across the entire web have been working hard to get their Flash apps shipshape enough for Microsoft's browser, by improving their content's performance, touch responsiveness, and power consumption.

"Of the thousands of domains tested for Flash compatibility to date, we have found fewer than 4 per cent are still incompatible," Mauceri writes, adding that most of those sites were flagged because they required other ActiveX controls in addition to Flash.

Such controls are strict no-no's for the TIFKAM version of IE10, which Microsoft has set out to make a "plug-in–free" experience for users. With the touch-centric version of the browser, even the Flash Player is an integrated component, rather than a plug-in.

That means it's up to Microsoft, rather than Adobe, to provide patches and security fixes for the version of Flash that's bundled with IE10. This led to some uproar early on, when Microsoft lagged behind Adobe in fixing Flash vulnerabilities.

These days, however, Adobe has synchronized its own Flash patching schedule with Microsoft's Patch Tuesdays, and the two companies are working closely to manage Flash security on the Windows platform – which could help to explain Redmond's decision to ease its restrictions on Flash content.

Still more significant, perhaps, is that Microsoft has been the only vendor to block Flash content from its browser without giving users a way to opt out of the blacklist. That may be a decision it has come to regret, particularly in the case of Windows RT devices, for which no alternative browsers are available.

"As a practical matter, the primary device you walk around with should give you access to all the Web content on the sites you rely on. Otherwise, the device is just a companion to a PC," Mauceri observes. 

Also beginning on Tuesday, Microsoft's modern.IE web testing suite will add a new tool that will tell developers whether their sites are among the unlucky 4 per cent that are still stuck on the IE10 CV blacklist. If your sites are, this document explains how to get them off it. ®

Update

An earlier version of this article said that Windows RT does not ship with a desktop version of IE10. That's not true – it's just that unlike on Windows 8, the Flash-blocking feature on Windows RT worked the same for the desktop browser as for the TIFKAM browser, so there was no way to avoid it. The restrictions for both browsers will be loosened on Tuesday, as described. We regret the error.

Internet Security Threat Report 2014

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.