The following lines were added (+) and removed (-):
The issue of insanely poor security in the Flash Player is a subject matter all on its own.The issue of insanely poor security in the Flash Player is a subject matter all on its own. Many security issues could be addressed if Adobe would allow the various features of Flash to be selectable, on and off, by users much the same as MSIE Internet zone security allows. Flash has no mentionable configuration option for users. It is pretty much all or nothing. Flash has become the instrumental of an ever increasingly crafty way of bombarding the browsing experience with commercial advertisements and popups. Most popup blockers are useless against popups opened by Flash. Flash can open popups, redirect your browser, and force execution of adware without user permission.== Get Adobe Flash and Reader without GetPlus in Firefox ==Adobe Flash is constantly being used as a delivery mechanism for malware. Hackers (malicious programmers) are taking advantage of flaws in the fundamental design of Flash in ways that cannot be anticipated. Like ActiveX, QuickTime, and other browser components, Flash has had its share security vulnerabilities. Experts now believe that Flash has had more total serious vulnerabilities than both ActiveX and Quicktime put together. The problem with Flash is its absence of controls to disable behavior like Web site redirection. End users have no control over what's offered in Flash. There is nothing the end-user can do to avoid the malicious behavior other than disable the Flash plugin. If Flash is installed on your system it can be hijacked. === Hackers Use Flash to Take Control of your Computer === In June of 2010 security experts announced on a flaw in Adobe Flash and Acrobat Reader that gives malicious hackers control of victims' computers. They advise the industry stop using Adobe Flash and look to alternatives such as HTML5 as the future of Web video. The flaw discovered in Adobe flash could be used to crash a victim's PC and let hackers take over the machine. The very serious flaw is labeled CVE-2010-1297 and exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows and Macintosh. An attacker simply creates a malicious SWF file and embeds it in a web page waiting for someone to visit the page, much like a Venus fly trap waits for a fly to land. Symantec has named the exploit "Trojan.Pidief.J." and says the exploit drops a back door Trojan onto a victim's computer if the computer has one of the affected Adobe products installed. Symantec also spotted an attack using a malicious SWF file. The attack is used in conjunction with an HTML file to download another piece of malware from the Internet they call "Backdoor.Trojan." Victims could be hit when they visit a web site that looks completely harmless. == Adobe Flash Full Installer == === Automatic Update Warning === In the past, Adobe has used malware in an attempt to control plugin access and updates. The malware was known as GetPlus, a so-called software updater. Although Adobe abandoned GetPlus after overwhelming criticism from the Internet community, some versions of GetPlus still exist. To avoid the [[Adobe GetPlus DLM Vulnerability]], you must be careful how you install or update the Adoble Flash Player plugin. Steps to avoid this spyware is covered on the [[Adobe GetPlus DLM Vulnerability]] page. Adobe still uses an automatic update (2015) which although is not GetPlus, it is capable of adding [[PUP]] malware addons in the future if Adobe Corp so chooses to do that to your computer. Keep in mind that they installed the GetPlus malware on thousands of customer computers without warning. For this reason we recommend you disable automatic updates from Adobe and manually install each Flash update using the full Adobe installer. === Full Installer vs Online Installer === The regular installer on their customer website uses a small program to pull Adobe Flash from over the Internet during installation. It is preferable to use a traditional full installer which can be downloaded in its entirety for installation. The full installer, once downloaded, does not require an active Internet connection to update Flash player, and can be stored on removable storage for use installing on other computers which may not have an Internet connection. Rather than using the Adobe installer, it is recommended you use the '''[[Adobe Flash Player Full Installer]]'''. Each time you install or update [[Adobe Flash Player]] with the full installer, you need to remember to Tell Adobe Flash '''NOT TO AUTO INSTALL UPDATES'''. You will note that this is step #3 in the [[Adobe Flash Player Full Installer]] guide. If you accidentally skip step #3 you can always go to the Global Settings of Flash Player and change the option, ''see below''. === How to disable Automatic Updates === {{:Adobe Flash Player- How to disable Automatic Updates}} == Determine Flash Version == The Adobe web site has a tool that will display the current version of Flash Player on your system.* http://www.adobe.com/software/flash/about/ == Install / Update Adobe Flash == Mozilla Firefox users on Microsoft Windows should use the [[Adobe Flash Player Full Installer]]. For Linux users [[Install Update Flash Plugin Ubuntu]] demonstrates the process for Debian based distributions.To avoid the [[Adobe GetPlus DLM Vulnerability]], you must be careful how you install or update the Adoble Flash Player plugin. Steps to avoid this spyware is covered on the [[Adobe GetPlus DLM Vulnerability]] page.See also: All pages relating to [http://wiki.robotz.com/index.php?title=Special%3ASearch&search=Adobe+Flash&go=Go Adobe Flash Player][[Category:Security]]