back to article Silverlight finally becomes popular ... with crims

Silverlight has become a choice target for VXers who are foisting nasty exploit kits (EKs) on users through hacked advertising networks. Attacks targeting Silverlight have spiked since 23 April as attackers look for web platforms to target now that Java and Flash have cleaned up their acts a bit. Cisco lead threat researcher …


This topic is closed for new posts.
  1. Dan 55 Silver badge


    Will Silverlight be updated on XP or will the XP version be left unsupported like IE just because it runs on XP?

    1. Anonymous Coward
      Anonymous Coward

      Re: XP

      It most likely will be unpatched. End of life tends to mean that.

      99% of people can uninstall.

      1. silent_count

        EoL means EoL

        "It most likely will be unpatched. End of life tends to mean that."

        What it means depends on how important you are.

        'EoL means EoL', is what MS will say when some malware exploits an unmatched vulnerability to cause pain and hardship to XP users.

        Should someone manage to break the portion(s) of Silverlight which are used to implement, for example, Netflix's DRM (which subsequently allows Netflixers-on-XP to save unencrypted movies) I'll bet'cha a beer that MS won't be telling the film studios execs that 'EoL means EoL'.

  2. wyatt

    My company is still developing software using Silverlight even though they knew years ago support was going to be limited. Unfortunately they've also not made their software forward compatible so customers have to stay on the version it was written for, updates whilst planned are not yet completed. Lets hope they keep their PCs off the internet (highly likely given the customers)!

    1. Nick Ryan Silver badge

      I managed to head off a supplier of ours from switching to silverlight when, a couple of years ago, they announced at an event that they were going to start using it. A choice: HTML (enhanced with HTML5 tech) or silverlight? It's a no brainer.

  3. Proud Father

    I have Silverlight install for one reason only, Netflix needs it.

    That's it, nothing else uses it.

    1. Anonymous Coward
      Anonymous Coward

      One or two other media streaming services use(d) it. I suspect because there's DRM in there.

      1. Proud Father


        Sorry that was ambiguous, it should read:

        Nothing else *I* use needs it, just Netflix.

    2. DrXym

      Amazon Prime uses it too.

      I bet they only use it is for DRM streaming. Once browsers get proper support for encrypted media extensions you can bet they'll dump Silverlight as fast as is practicable.

    3. big_D Silver badge

      Amazon Prime Video as well. :-(

  4. Michael Habel

    I have Silverlight install for one reason only, Netflix needs it. That's it, nothing else uses it.

    One or two other media streaming services use(d) it. I suspect because there's DRM in there.

    Someone should find a 'xploit to remove the digital rights infection. It may or, may not sway Microsofts daft hand at issuing a Patch. But, it might encourage Netflix and the like to move on to HTML5, with its Adobe infected Firefox backed DRM instead. So those on Linux can also start to use the Service if they so wished.

    1. DrXym

      It would be a different matter if we were talking about content you bought and owned and where there is a reasonable expectation to be able to play content on any device, transfer it etc.

      But Netflix is streaming subscription service. Streaming and rental services should be able to employ any DRM and support any platform they see fit in order to protect it from casual ripping.

      I'm sure these services hate Silverlight and would prefer if they could support browsers in Linux, but until a viable alternative appears such as EME in HTML they won't because they can't.

      1. Naich

        Netflix on Linux

        There is a package to run Netflix which I've been using for a few months now and it works a treat:

  5. Disgruntled of TW

    Sky don't support Silverlight v5

    ... their Sky GO viewer just doesn't work on the latest version of Silverlight that Automatic Updates tries to feed you repeatedly. You are forced to downgrade to v4, which isn't easy for non-techies.

    Normal user experience from Sky. Not a nice company.

    1. James O'Shea

      Re: Sky don't support Silverlight v5

      "Normal user experience from Sky. Not a nice company."

      Isn't Sky owned by The Alien? (Not an illegal alien, unfortunately; then he could be deported back to Echs) So why do you expect anything from his company but a, ahem, 'probe'?

  6. Anonymous Coward
    Anonymous Coward

    No problems here

    I refuse to install Silverlight on anything I own or control. Flash is bad enough thank you.

    1. Nick Ryan Silver badge

      Re: No problems here

      I'm getting by without Flash on my personal PCs as well as no Silverlight. Usually it's OK but I still come across fucknut websites that are "written in flash" rather than "enhanced by flash" but the number is reducing. Apple can take some credit for this. Now if the BBC were to ditch flash as well...

      Java is also blocked from running on my browsers as well. This has had less of an impact than not installing Flash as you'd imagine. Java is still installed for applications that require it, just no browser plugins.

  7. Anonymous Coward
    Anonymous Coward

    This might speed things along...

  8. Will Godfrey Silver badge

    Well I suppose we should be pleased that someone has found a use for it.

  9. JCitizen

    Thanks to the MPAA..

    I'm just about positive that all DRM is being exploited by nation based bad actors using it for industrial espionage. From what has happened to my clients, the forensic trail leads to this reality. We are all losing our national interests to the MPAA and the industry's greed.

    1. Pascal Monett Silver badge

      So you're saying that your clients are not media cartels (since industrial espionage does not concern music or video companies) and yet they use DRM ?

      Interesting. I didn't think that anyone outside MPAA affiliates had any use for DRM.

      1. JCitizen

        I'm saying that..

        I have direct evidence that the crapware that MPAA REQUIRES is being taken over by nation states, at least in this criminal environment. Why do people just trust these spywares in their computer? Anyone that makes software/hardware powerful enough to turn off your monitor, intercept your email in a MITM attack, reboot the computer without warning, block necessary SSL certificate updates, and quite frankly are so cocky they even put notes in files without really trying to hide them on what the target was doing last time they took them over, so they can pick up where they left off! This is a disgrace, and I've been fighting it since 2006. All you have to do is read the news headlines, some of them here at the Reg to see this has been going on for some time. Why trust something you absolutely have no control over, like NAA and MPAA authorized spyware? That is just naive if you ask me!

This topic is closed for new posts.

Other stories you might like