Until today — March 12, 2013 — Internet Explorer 10 in the new Windows UI allowed Adobe Flash content only when the site was on a special Microsoft-controlled whitelist. Now all sites are allowed except those on a special Microsoft-controlled blacklist. It's probably a concession to usability problems.
A major policy change by Microsoft will affect the user experience for Internet Explorer 10 users on Windows RT and Windows 8. The policy goes into effect today.
Previously, Microsoft used a whitelist approach to Flash support in IE10 — only sites on a Microsoft-curated whitelist were allowed to run Flash content. The restriction was put in place so as to allow only sites that worked properly in a touch environment and did not suffer certain battery-draining problems. According to Microsoft the change will only be implemented on systems where IE10, which integrates the Flash Player much as Google Chrome does, is fully patched. IE10 on Windows 8 in desktop mode is not restricted by either list.
Microsoft's explanation for the change is that "...we have seen through testing over the past several months, the vast majority of sites with Flash content are now compatible with the Windows experience for touch, performance, and battery life."
The whitelisting experience was confusing both developers and users. The new approach should make it far more common for IE10 users to see the content they expect on the web.
By the same token, the blacklist approach might create embarrassment for sites that are publicly labeled by Microsoft as unready for the experience. Perhaps Microsoft hopes this will spur them to address problems more promptly.
Whitelists are preferred in theory for security reasons because they allow curators of the list to maintain tight control of what will run. Blacklists put the onus on curators of knowing what content, of all out there on the web, is problematic.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.