Difference between revisions of "Adobe Flash Player"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
m
m
 
(16 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
Adobe Flash (formerly Macromedia Flash) or Adobe Flash Player is a large weight, runtime environment for multimedia platform development that is popular for adding animation and interactivity to web pages. It can be used to add animation, video, and interactivity to web pages.
 +
 +
== History ==
 +
 +
FutureSplash Animator, developed by young Jonathan Gay, was the first version of Flash.  He created the program in 1995 and tried to entice Adobe.  Adobe was unimpressed and passed on the software at that time.  FutureSplash animator was first offered to the general public in 1996.  By 1997 Macromedia had acquired the program From Gay and the program was renamed Flash.  It was even known as Shockwave Flash for a period before a better distinction was made clear.  In 2005 Adobe bought out Macromedia, which now put Flash into their hands.
 +
 +
== Shockwave vs Flash ==
 +
 +
Both browser apps are the property of Adobe.  The terms Shockwave and Flash are sometimes used interchangeably, or even as a phrase "shockwave flash."  Although the differences are confusing, or even seemingly subtle to many, they are two different apps.
 +
 +
Shockwave, as a definitive plugin, was released before the Flash plugin.  In 1995 while Flash was still known by another name, Shockwave was being used as a way to play back multimedia content, animation and small programs in a Web page.
 +
 +
Shockwave is more powerful than Flash.  Shockwave includes a full 3D playback environment that uses 3D software and hardware, which is why Shockwave is used for a lot of 3D games on the Web. Shockwave can also incorporate Flash content inside Shockwave applications.
 +
 +
Macromedia adapted Flash from Future Splash Animator, a vector art animation program. Macromedia adapted Flash to utilize less bandwidth at the time since it was intended for use on Internet dial up connections.  Since then the small Flash footprint has been "stamped out" since Flash today is bloatware full of patches, too many little used features, and copyright protection schemes.
 +
 +
Flash is still considered to be less bandwidth intensive than Shockwave.  Flash is more universal. More than 90 percent of Web users have the Flash plug-in installed, while a little less than 60 percent have the Shockwave plug-in.
 +
 +
However, confusion is perpetuated by the SWF file format (filename.swf) or Shockwave Flash file format.  This is the extension for Flash files for playback using the Adobe Flash Player plugin.  Because adobe was originally known as Shockwave Flash, the file extension was an acronym for that name. 
 +
 +
Mime type: application/x-shockwave-flash, application/x-shockwave-flash2-preview, application/futuresplash, image/vnd.rn-realflash
 +
 +
== Criticisms of Adobe Flash ==
 +
 +
Websites that heavily use Flash suffer from loss of web browser standard functionality.  Some Flash designers use meta refreshes or other tricks to disable browser’s Back button. As the famous usability expert Jacob Nielsen says, ‘Back button is the second most important navigation element after hyperlinks’.  Flash also negatively impacts things like selecting text, scrollbars, form control and right-clicking, making these act differently than with a regular HTML webpage.
 +
 +
Mouse wheel scrolling is impacted by the presence of Flash on a web page.  In many browsers, it is not possible to scroll a web page with the mouse while the cursor is held over flash content. Scrolling with the arrow keys may require a click on the page outside the flash. 
 +
 +
In Windows, Shockwave/Flash (.swf) files cannot be right-clicked and saved.  Greedy companies use this as a way to limit access to information on the Internet, thus placing speed bumps on the Information Superhighway.  On photo sharing websites such as Webshots, a Flash overlay exists over the initial photo displayed, requiring a second click to retrieve the photo, slowing the experience considerably.
 +
 +
Flash can be used to store data about you when you browse the web, much like cookies, but much more secretly and extensively.  You can easily clear your browser cookies, but the data Flash saves can be hard to locate, if not impossible for most users. 
 +
 +
The issue of insanely poor security in the Flash Player is a subject matter all on its own.  Many security issues could be addressed if Adobe would allow the various features of Flash to be selectable, on and off, by users much the same as MSIE Internet zone security allows.  Flash has no mentionable configuration option for users.  It is pretty much all or nothing.
 +
 +
Flash has become the instrumental of an ever increasingly crafty way of bombarding the browsing experience with commercial advertisements and popups.  Most popup blockers are useless against popups opened by Flash.  Flash can open popups, redirect your browser, and force execution of adware without user permission.
  
 
== Lack of Security ==
 
== Lack of Security ==
Line 4: Line 39:
 
Adobe Flash seems to be vulnerable to an endless string of malware. Adobe products, especially FlashPlayer, Shockwave Player and Adobe (PDF) Reader, have had some serious security holes (vulnerabilities) that hackers that code viruses exploit to infect people's computers.
 
Adobe Flash seems to be vulnerable to an endless string of malware. Adobe products, especially FlashPlayer, Shockwave Player and Adobe (PDF) Reader, have had some serious security holes (vulnerabilities) that hackers that code viruses exploit to infect people's computers.
  
Adobe Flash malware also has the ability to be cross-platform, infecting everything from desktops to smartphones and anything else that runs Flash.   
+
Adobe Flash malware also has the ability to be cross-platform, infecting everything from desktops to smartphones and anything else that runs Flash.  There are over 100 entries in the Open Source Vulnerability Database, many that allow remote code execution on a victims computer.
 +
 
 +
Adobe Flash is constantly being used as a delivery mechanism for malware.  Hackers (malicious programmers) are taking advantage of flaws in the fundamental design of Flash in ways that cannot be anticipated.  Like ActiveX, QuickTime, and other browser components, Flash has had its share security vulnerabilities.  Experts now believe that Flash has had more total serious vulnerabilities than both ActiveX and Quicktime put together. 
 +
 
 +
The problem with Flash is its absence of controls to disable behavior like Web site redirection.  End users have no control over what's offered in Flash.  There is nothing the end-user can do to avoid the malicious behavior other than disable the Flash plugin.  If Flash is installed on your system it can be hijacked.
 +
 
 +
=== Hackers Use Flash to Take Control of your Computer ===
 +
 
 +
In June of 2010 security experts announced on a flaw in Adobe Flash and Acrobat Reader that gives malicious hackers control of victims' computers. They advise the industry stop using Adobe Flash and look to alternatives such as HTML5 as the future of Web video.  The flaw discovered in Adobe flash could be used to crash a victim's PC and let hackers take over the machine. 
 +
 
 +
The very serious flaw is labeled CVE-2010-1297 and exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows and Macintosh.  An attacker simply creates a malicious SWF file and embeds it in a web page waiting for someone to visit the page, much like a Venus fly trap waits for a fly to land. 
 +
 
 +
Symantec has named the exploit "Trojan.Pidief.J." and says the exploit drops a back door Trojan onto a victim's computer if the computer has one of the affected Adobe products installed.  Symantec also spotted an attack using a malicious SWF file. The attack is used in conjunction with an HTML file to download another piece of malware from the Internet they call "Backdoor.Trojan."  Victims could be hit when they visit a web site that looks completely harmless.
 +
 
 +
== Adobe Flash Full Installer ==
 +
 
 +
=== Automatic Update Warning ===
 +
 
 +
In the past, Adobe has used malware in an attempt to control plugin access and updates.  The malware was known as GetPlus, a so-called software updater.  Although Adobe abandoned GetPlus after overwhelming criticism from the Internet community, some versions of GetPlus still exist.  To avoid the [[Adobe GetPlus DLM Vulnerability]], you must be careful how you install or update the Adoble Flash Player plugin.  Steps to avoid this spyware is covered on the [[Adobe GetPlus DLM Vulnerability]] page. 
 +
 
 +
Adobe still uses an automatic update (2015) which although is not GetPlus, it is capable of adding [[PUP]] malware addons in the future if Adobe Corp so chooses to do that to your computer.  Keep in mind that they installed the GetPlus malware on thousands of customer computers without warning.  For this reason we recommend you disable automatic updates from Adobe and manually install each Flash update using the full Adobe installer.
 +
 
 +
=== Full Installer vs Online Installer ===
 +
 
 +
The regular installer on their customer website uses a small program to pull Adobe Flash from over the Internet during installation.  It is preferable to use a traditional full installer which can be downloaded in its entirety for installation.  The full installer, once downloaded, does not require an active Internet connection to update Flash player, and can be stored on removable storage for use installing on other computers which may not have an Internet connection.
 +
 
 +
Rather than using the Adobe installer, it is recommended you use the '''[[Adobe Flash Player Full Installer]]'''.  Each time you install or update [[Adobe Flash Player]] with the full installer, you need to remember to Tell Adobe Flash '''NOT TO AUTO INSTALL UPDATES'''.  You will note that this is step #3 in the [[Adobe Flash Player Full Installer]] guide.  If you accidentally skip step #3 you can always go to the Global Settings of Flash Player and change the option, ''see below''.
 +
 
 +
=== How to disable Automatic Updates ===
 +
 
 +
{{:Adobe Flash Player- How to disable Automatic Updates}}
 +
 
 +
== Determine Flash Version ==
 +
 
 +
The Adobe web site has a tool that will display the current version of Flash Player on your system.
 +
* http://www.adobe.com/software/flash/about/
 +
 
 +
== Install / Update Adobe Flash ==
 +
 
 +
Mozilla Firefox users on Microsoft Windows should use the [[Adobe Flash Player Full Installer]].   
  
== Get Adobe Flash and Reader without GetPlus in Firefox ==
+
For Linux users [[Install Update Flash Plugin Ubuntu]] demonstrates the process for Debian based distributions.
  
To avoid the [[Adobe GetPlus DLM Vulnerability]], you must be careful how you install or update the Adoble Flash Player plugin.  Steps to avoid this spyware is covered on the [[Adobe GetPlus DLM Vulnerability]] page.
+
See also: All pages relating to [http://wiki.robotz.com/index.php?title=Special%3ASearch&search=Adobe+Flash&go=Go Adobe Flash Player]
  
 
 
 
 
Line 16: Line 90:
 
[[Category:Computer_Technology]]
 
[[Category:Computer_Technology]]
 
[[Category:Software]]
 
[[Category:Software]]
 +
[[Category:Security]]

Latest revision as of 22:17, 25 November 2019

Adobe Flash (formerly Macromedia Flash) or Adobe Flash Player is a large weight, runtime environment for multimedia platform development that is popular for adding animation and interactivity to web pages. It can be used to add animation, video, and interactivity to web pages.

History

FutureSplash Animator, developed by young Jonathan Gay, was the first version of Flash. He created the program in 1995 and tried to entice Adobe. Adobe was unimpressed and passed on the software at that time. FutureSplash animator was first offered to the general public in 1996. By 1997 Macromedia had acquired the program From Gay and the program was renamed Flash. It was even known as Shockwave Flash for a period before a better distinction was made clear. In 2005 Adobe bought out Macromedia, which now put Flash into their hands.

Shockwave vs Flash

Both browser apps are the property of Adobe. The terms Shockwave and Flash are sometimes used interchangeably, or even as a phrase "shockwave flash." Although the differences are confusing, or even seemingly subtle to many, they are two different apps.

Shockwave, as a definitive plugin, was released before the Flash plugin. In 1995 while Flash was still known by another name, Shockwave was being used as a way to play back multimedia content, animation and small programs in a Web page.

Shockwave is more powerful than Flash. Shockwave includes a full 3D playback environment that uses 3D software and hardware, which is why Shockwave is used for a lot of 3D games on the Web. Shockwave can also incorporate Flash content inside Shockwave applications.

Macromedia adapted Flash from Future Splash Animator, a vector art animation program. Macromedia adapted Flash to utilize less bandwidth at the time since it was intended for use on Internet dial up connections. Since then the small Flash footprint has been "stamped out" since Flash today is bloatware full of patches, too many little used features, and copyright protection schemes.

Flash is still considered to be less bandwidth intensive than Shockwave. Flash is more universal. More than 90 percent of Web users have the Flash plug-in installed, while a little less than 60 percent have the Shockwave plug-in.

However, confusion is perpetuated by the SWF file format (filename.swf) or Shockwave Flash file format. This is the extension for Flash files for playback using the Adobe Flash Player plugin. Because adobe was originally known as Shockwave Flash, the file extension was an acronym for that name.

Mime type: application/x-shockwave-flash, application/x-shockwave-flash2-preview, application/futuresplash, image/vnd.rn-realflash

Criticisms of Adobe Flash

Websites that heavily use Flash suffer from loss of web browser standard functionality. Some Flash designers use meta refreshes or other tricks to disable browser’s Back button. As the famous usability expert Jacob Nielsen says, ‘Back button is the second most important navigation element after hyperlinks’. Flash also negatively impacts things like selecting text, scrollbars, form control and right-clicking, making these act differently than with a regular HTML webpage.

Mouse wheel scrolling is impacted by the presence of Flash on a web page. In many browsers, it is not possible to scroll a web page with the mouse while the cursor is held over flash content. Scrolling with the arrow keys may require a click on the page outside the flash.

In Windows, Shockwave/Flash (.swf) files cannot be right-clicked and saved. Greedy companies use this as a way to limit access to information on the Internet, thus placing speed bumps on the Information Superhighway. On photo sharing websites such as Webshots, a Flash overlay exists over the initial photo displayed, requiring a second click to retrieve the photo, slowing the experience considerably.

Flash can be used to store data about you when you browse the web, much like cookies, but much more secretly and extensively. You can easily clear your browser cookies, but the data Flash saves can be hard to locate, if not impossible for most users.

The issue of insanely poor security in the Flash Player is a subject matter all on its own. Many security issues could be addressed if Adobe would allow the various features of Flash to be selectable, on and off, by users much the same as MSIE Internet zone security allows. Flash has no mentionable configuration option for users. It is pretty much all or nothing.

Flash has become the instrumental of an ever increasingly crafty way of bombarding the browsing experience with commercial advertisements and popups. Most popup blockers are useless against popups opened by Flash. Flash can open popups, redirect your browser, and force execution of adware without user permission.

Lack of Security

Adobe Flash seems to be vulnerable to an endless string of malware. Adobe products, especially FlashPlayer, Shockwave Player and Adobe (PDF) Reader, have had some serious security holes (vulnerabilities) that hackers that code viruses exploit to infect people's computers.

Adobe Flash malware also has the ability to be cross-platform, infecting everything from desktops to smartphones and anything else that runs Flash. There are over 100 entries in the Open Source Vulnerability Database, many that allow remote code execution on a victims computer.

Adobe Flash is constantly being used as a delivery mechanism for malware. Hackers (malicious programmers) are taking advantage of flaws in the fundamental design of Flash in ways that cannot be anticipated. Like ActiveX, QuickTime, and other browser components, Flash has had its share security vulnerabilities. Experts now believe that Flash has had more total serious vulnerabilities than both ActiveX and Quicktime put together.

The problem with Flash is its absence of controls to disable behavior like Web site redirection. End users have no control over what's offered in Flash. There is nothing the end-user can do to avoid the malicious behavior other than disable the Flash plugin. If Flash is installed on your system it can be hijacked.

Hackers Use Flash to Take Control of your Computer

In June of 2010 security experts announced on a flaw in Adobe Flash and Acrobat Reader that gives malicious hackers control of victims' computers. They advise the industry stop using Adobe Flash and look to alternatives such as HTML5 as the future of Web video. The flaw discovered in Adobe flash could be used to crash a victim's PC and let hackers take over the machine.

The very serious flaw is labeled CVE-2010-1297 and exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows and Macintosh. An attacker simply creates a malicious SWF file and embeds it in a web page waiting for someone to visit the page, much like a Venus fly trap waits for a fly to land.

Symantec has named the exploit "Trojan.Pidief.J." and says the exploit drops a back door Trojan onto a victim's computer if the computer has one of the affected Adobe products installed. Symantec also spotted an attack using a malicious SWF file. The attack is used in conjunction with an HTML file to download another piece of malware from the Internet they call "Backdoor.Trojan." Victims could be hit when they visit a web site that looks completely harmless.

Adobe Flash Full Installer

Automatic Update Warning

In the past, Adobe has used malware in an attempt to control plugin access and updates. The malware was known as GetPlus, a so-called software updater. Although Adobe abandoned GetPlus after overwhelming criticism from the Internet community, some versions of GetPlus still exist. To avoid the Adobe GetPlus DLM Vulnerability, you must be careful how you install or update the Adoble Flash Player plugin. Steps to avoid this spyware is covered on the Adobe GetPlus DLM Vulnerability page.

Adobe still uses an automatic update (2015) which although is not GetPlus, it is capable of adding PUP malware addons in the future if Adobe Corp so chooses to do that to your computer. Keep in mind that they installed the GetPlus malware on thousands of customer computers without warning. For this reason we recommend you disable automatic updates from Adobe and manually install each Flash update using the full Adobe installer.

Full Installer vs Online Installer

The regular installer on their customer website uses a small program to pull Adobe Flash from over the Internet during installation. It is preferable to use a traditional full installer which can be downloaded in its entirety for installation. The full installer, once downloaded, does not require an active Internet connection to update Flash player, and can be stored on removable storage for use installing on other computers which may not have an Internet connection.

Rather than using the Adobe installer, it is recommended you use the Adobe Flash Player Full Installer. Each time you install or update Adobe Flash Player with the full installer, you need to remember to Tell Adobe Flash NOT TO AUTO INSTALL UPDATES. You will note that this is step #3 in the Adobe Flash Player Full Installer guide. If you accidentally skip step #3 you can always go to the Global Settings of Flash Player and change the option, see below.

How to disable Automatic Updates

Adobe all too frequently updates Flash Player with security fixes which are critical. Sometimes the updates contain new "features" and additional bloatware. In the past, some of the updates have had malware payloads and other PUPs. You should change the automatic update setting to one that allows you to decide if you wish to install the update. This way you can choose to install important security fixes which seem to be released monthly now, and you can skip past bloatware or suspicious updates.

You will need to have a Flash object loaded to do this. The easiest way for most users is to surf on over to youtube.com and pull up a video. A Youtube video is an example of a Flash object.

  1. Right click on any Flash object (such as a video,) click "Global Settings."
  2. Click the Advanced tab
  3. Under the Updates section in the middle of the dialog box change the setting to: "Notify me to install updates."

See Illustrations for steps 1 and 3 below:

Adobeflashnotifyme2.jpg

Adobeflashnotifyme3.jpg

The Settings Manager is a Flash application that displays Flash Player settings which are stored on your computer only. Selecting the Notify Me When an Update to Adobe Flash Player is the option which allows you to decide if you wish to install a particular update. Automatic notification is available on all Microsoft Windows platforms for the following browsers: Microsoft Internet Explorer, Firefox, Opera, and a few select variants. It does not apply to Google Chrome.

Determine Flash Version

The Adobe web site has a tool that will display the current version of Flash Player on your system.

Install / Update Adobe Flash

Mozilla Firefox users on Microsoft Windows should use the Adobe Flash Player Full Installer.

For Linux users Install Update Flash Plugin Ubuntu demonstrates the process for Debian based distributions.

See also: All pages relating to Adobe Flash Player