Silverlight Exploits Up, Java Exploits Down, Says Cisco 55
angry tapir writes: Attempts to exploit Silverlight soared massively in late 2014 according to research from Cisco. However, the use of Silverlight in absolute terms is still low compared to the use of Java and Flash as an attack vector, according to Cisco's 2015 Annual Security Report. The report's assessment of the 2014 threat landscape also notes that researchers observed Flash-based malware that interacted with JavaScript. The Flash/JS malware was split between two files to make it easier to evade anti-malware protection. (The full report is available online, but registration is required.)
Silverlight isn't long for this world (Score:4, Insightful)
That is not bad (Score:3)
Bad = Helping someone setup their Linksys router and discovering that since Belkin bought them (Belkin is remarkably inept, I think only 2 of their products ever worked for me and one of those was a cord!), the router setup web page (192.168.1.1) actually requires a very recent browser -- which precludes configuration using a mobile phone or iPad for no good reason --- and provides no way to NOT require a username and password to use the wirele
Re: (Score:2)
the router setup web page (192.168.1.1) actually requires a very recent browser -- which precludes configuration using a mobile phone or iPad for no good reason --- and provides no way to NOT require a username and password to use the wireless.
And you tried using Firefox mobile with "request desktop site" turned on? And you tried Firefox Beta, too?
Re:Silverlight isn't long for this world (Score:5, Informative)
Chrome on can use HTML5 for Netflix now.
Re: (Score:2)
Re: (Score:1)
Not true anymore. http://www.pcworld.com/article/2824623/ubuntu-linux-gets-netflix-without-weird-workarounds.html
Re: (Score:1)
Why wouldn't it support html5 for netflix?
Re: (Score:2)
Apparently in the US they also support Flash.
I found that Amazon's Silverlight player was an absolute abomination. Very rarely worked on my Windows machine. Worked a good deal better on my Mac, if I didn't mind overheating the thing for hours at a time.
Re: (Score:2)
Re: (Score:2)
Of course. This requires the EME (aka DRM) support in the browser. Netflix uses Silverlight because before then, they couldn't use a solution with DRM. Since the W3C created (with much protest) the EME spec, Chrome, Safari and IE implement it. Firefox refuses to out of pure ideology (no DRM, period!),
EME was pushed heavily by Netflix so they could move awa
Re: (Score:1)
Chrome has supported "HTML5" Netflix for many months now. Poke around in your account settings to see if you can find the "Prefer HTML5 video" checkbox.
Re: (Score:2)
Re: (Score:2)
Could Windows XP be approaching bug-free perfection?
Seems rather more likely it's just no longer worth targetting.
Re: (Score:1)
Why doesn't Netflix use Flash, at least as an alternative choice.
Re: (Score:2)
I suspect it's because the dinosaurs who licence their stuff to Netflix think Silverlight has trustworthy DRM magic dust, where other technologies aren't to be trusted.
Re: (Score:2)
Re: (Score:2)
The Netflix client logic is fairly complex (it dynamically jumps between servers, bitrates, and so on).
Yeah, that's why Netflix was originally WiMP-based. (whoops, could have sworn it used flash at one time, but DRM-only hence no Linux then. Maybe once it was flash UI with WIMP backend? [streamingmedia.com]) Because it can handle cool stuff like jumping between servers, bitrates, and so on. They switched to Silverlight for both UI and video fairly early on, and the rest is either history, or happening right now. On OSX it's already using HTML5 video on Safari, and on Windows it's supposed to be HTML5 on IE11. ISTR an article abo
Re:Netflix... (Score:5, Informative)
Why doesn't Netflix use Flash, at least as an alternative choice.
Netflix used to use Flash, but they moved to Silverlight in exchange for a seat on the board at Microsoft for their CEO. So they dropped Flash and went to Silverlight, which caused a lot of problems for a while which they eventually ironed out.
Re: (Score:2)
Reed Hastings has been gone from that board for a couple of years now.
I get annoyed with the notices from other sites that are asking for Silverlight. It's usually stuff on the login page. eBay and Tumblr (I think) are notable examples, but I've encountered several others.
Re: (Score:1)
Why doesn't Netflix use Flash, at least as an alternative choice.
If you need to ask then you wouldn't understand the answer.
Re: (Score:2)
Amazon Prime Video. Having that tab open in FF disables my screensaver in 8.1. Arg.
Re: (Score:2)
As others have said, Netflix will work in a recent enough build of Chrome on both Windows and Linux with no Silverlight required.
Re: (Score:1)
Does it use Silverlight? I can watch Netflix on my Linux machine without problems, and I don't have Silverlight installed...
Re: (Score:3, Interesting)
We used Silverlight to build enterprise apps because it's most resembling to fully-functional desktop app platform - like client-server except the server side is built on OData service with row-level access control (by SQL expression rewriting) and clients simply query everything by LINQ, maintaining maximum control over everything except authentication/authorization.
It boosts development time significantly for building apps of the same functionality and does a lot of things which HTML5/JS cannot even matur
Re: (Score:2)
I hate to ask this, and I'm sure you're asking yourself, but: why didn't you just build on a desktop app platform? There's something preventing your users from running a full application?
Re: (Score:1)
Re: (Score:2)
It boosts development time significantly for building apps of the same functionality
Wow! Silverlight sounds great! I'm always looking for ways to boost my development time. I charge by the hour.
Re: (Score:1)
The result products are superior and they're done in lesser time. What else should I care about? If you want to talk about life span of the platform, all Microsoft related tech would have to be abandoned.
Re: (Score:1)
I'm aware of that. But SVG and Canvas only come into major browsers recently and they're not even properly hardware-accelerated yet (I wanted the level of performance you can see in Qt or WPF), let alone any UI frameworks built on top of them.
WebGL might be a better choice. Its performance even in infant stage is years ahead of anything 2D renderers have to offer. But that doesn't solve the incapability of JavaScript to handle binary data such as conversion between different text encodings or parsing office
Re: (Score:2)
you know what's funny?
microsoft announces death of silverlight -> announces silverlight as the thing for wp.
microsoft announces death of xna -> announces pretty much xna as the thing for games for wp / metro.
Re: (Score:2)
Microsoft says "silverlight s dead", ex Silverlight team (now working on WP) announces Silverlight as the thing for WP.
I guess its the natureof Microsoft's non-joined-up team structures, one team likes something another team doesn't. I think things are changing now with Nadella actually taking charge.
The thing for WP and Metro, according to Microsoft is Cordova! I can't argue against that, even Microsoft knows cross-platform toolsets are the way forward :-)
Re: (Score:3)
Extinguish ? Flash needs to die in a fire.
Why is MS Still pushing it then? (Score:3, Informative)
I build a new Windows 7 VM last week.
After the close to 750Mb of patches in the 'download and reboot' cycle, up pops Slitherlight (Like Slitherin in Harry Potter, not nice) as an optional download.
I do not want it but even after hiding it, like a bad penny it keeps on coming back.
Can we really try to get rid of this thing (and flash for that matter). The world has moved on and it is not needed anymore.
Re: (Score:2, Interesting)
You hide specific KB numbers / Silverlight releases, not Silverlight as a product.
This means that the first time you hide Silverlight, it is the latest version of Silverlight you are hiding. You will then be offered the second-to-last version (note that the KB numbers and dates change). This will continue until you have hidden every release of Silverlight. When a new version is released it will appear as new download, but you won't have to go through the whole hide-previous-updates again.
Re: (Score:2)
I really am not happy with the way the web is reducing itself to Ein Language, Ein Platform, Ein Consortium
The only free and open 'non-standard web technologies' I can think of are Java applets (oh dear) and Dart.
Flash and Silverlight are proprietary.
Anyway, what's wrong with the web as a single platform? You still have your pick of browsers.
Re: (Score:1)
Forgive me, but what's bad with Java applets? They're way more efficient than HTML+Javascript, i.e. something which requires a 2009 machine today would require a 1999 in Java. Java libraries are a lot richer than Javascript both for connectivity and UI. If you're worried about Oracle's treatment of the Java applet platform, choose a decent launcher/updater.
Are you honestly asking what's wrong with having only one platform for development? What's wrong with ANSI C as a single platform? Win32 as a single plat
Re: (Score:3)
Forgive me, but what's bad with Java applets?
Security (the greatest downside imo), inability to (ever!) run on mobile devices, increased RAM use from pulling in a whole JVM, external dependency beyond a web-browser, immaturity of JavaFX. Historically Java applets would often cause a browser crash, but that seems not be a an issue these days (presumably as we've just got the horsepower to cope).
They're way more efficient than HTML+Javascript
JavaScript JIT compilers are pretty damn good these days. I suspect that you're right, but performance can be pretty good with web technologies. There are worki
Java updated yesterday (Score:2)