Browser security: "The main thing is not to install Flash!"

You may have noticed that I'm not a huge fan of Flash. My feelings pre-date the iPhone/iPad debate about whether or not Flash should be included on those devices. Even back when I was using Windows and Opera, one of the features I used most often was "Disable Plugins" -- which was really another way of saying "Disable Flash," and I do that these days in Safari using ClickToFlash.

Flash lovers usually talk about how many games are only available using Flash. Flash haters usually talk about performance issues, especially on the Mac. Adobe tries to make the argument that not including Flash is bad for users' freedom of choice.

When it comes to browser security, Charlie Miller says that it's all about Flash. More specifically, avoiding Flash.

Miller, who has won the Pwn2Own contest two years running, was interviewed by Italian site OneITSecurity. They asked him what browser and OS he thought was the safest. The first part of his reply probably won't make Mac users happy: he suggests Windows 7 with either Chrome or IE8 saying "there probably isn't enough difference between the browsers to get worked up about." But the highlight for me was the next quote: "The main thing is not to install Flash!"

The guy who seems to be the best in the world at breaking into your web browser tells you that you shouldn't install Flash. Perhaps you should consider installing ClickToFlash; it's completely free, and tells Flash to load only when you tell it to load. That should make your browsing significantly safer on any platform.

Hat tip to Jay Hathaway at DownloadSquad for bringing this to our attention.