Microsoft Flash FLIP-FLOP: it's now IE10 default for Win8, WinRT
Only 4% of sites still considered off-limits
Updated Microsoft has had an apparent change of heart with regard to Adobe Flash content on Windows 8 and Windows RT: it has announced that it will now allow most Flash content to run by default in Internet Explorer 10 on both operating systems.
"We believe having more sites 'just work' in IE10 improves the experience for consumers, businesses, and developers," Rob Mauceri, Microsoft's group program manager for IE, said in a blog post on Monday.
Previously, Microsoft had only allowed Flash content to be displayed by those sites listed in the "Flash" whitelist section of IE10's Compatibility View (CV) list. Beginning on Tuesday, the whitelist restriction will be lifted, and only those sites listed in the "No Flash" blacklist section of the CV will have their Flash content blocked.
As before, the restrictions on Flash chiefly apply to the version of IE10 that runs in The Interface Formerly Known as Metro (TIFKAM). The desktop version of IE10 for Windows 7 and 8 has always been able to run all Flash content by default, and still can.
That's no consolation for users of Surface and other Windows RT devices, however, since the desktop version of IE10 for Windows RT also blocks Flash using the CV, just like the TIFKAM version does. And even Windows 8 defaults to the TIFKAM version of the browser; users must explicitly configure IE to run on the desktop, and it's cumbersome to switch between the two modes.
So why this newfound largesse toward the oft-maligned Adobe tech? According to Mauceri, it's because developers across the entire web have been working hard to get their Flash apps shipshape enough for Microsoft's browser, by improving their content's performance, touch responsiveness, and power consumption.
"Of the thousands of domains tested for Flash compatibility to date, we have found fewer than 4 per cent are still incompatible," Mauceri writes, adding that most of those sites were flagged because they required other ActiveX controls in addition to Flash.
Such controls are strict no-no's for the TIFKAM version of IE10, which Microsoft has set out to make a "plug-in–free" experience for users. With the touch-centric version of the browser, even the Flash Player is an integrated component, rather than a plug-in.
That means it's up to Microsoft, rather than Adobe, to provide patches and security fixes for the version of Flash that's bundled with IE10. This led to some uproar early on, when Microsoft lagged behind Adobe in fixing Flash vulnerabilities.
These days, however, Adobe has synchronized its own Flash patching schedule with Microsoft's Patch Tuesdays, and the two companies are working closely to manage Flash security on the Windows platform – which could help to explain Redmond's decision to ease its restrictions on Flash content.
Still more significant, perhaps, is that Microsoft has been the only vendor to block Flash content from its browser without giving users a way to opt out of the blacklist. That may be a decision it has come to regret, particularly in the case of Windows RT devices, for which no alternative browsers are available.
"As a practical matter, the primary device you walk around with should give you access to all the Web content on the sites you rely on. Otherwise, the device is just a companion to a PC," Mauceri observes.
Also beginning on Tuesday, Microsoft's modern.IE web testing suite will add a new tool that will tell developers whether their sites are among the unlucky 4 per cent that are still stuck on the IE10 CV blacklist. If your sites are, this document explains how to get them off it. ®
An earlier version of this article said that Windows RT does not ship with a desktop version of IE10. That's not true – it's just that unlike on Windows 8, the Flash-blocking feature on Windows RT worked the same for the desktop browser as for the TIFKAM browser, so there was no way to avoid it. The restrictions for both browsers will be loosened on Tuesday, as described. We regret the error.
Sponsored: Protecting mobile certificates