Difference between revisions of "Adobe Flash Player"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
m (Lack of Security)
m (Lack of Security)
Line 38: Line 38:
  
 
Adobe Flash malware also has the ability to be cross-platform, infecting everything from desktops to smartphones and anything else that runs Flash.  There are over 100 entries in the Open Source Vulnerability Database, many that allow remote code execution on a victims computer.
 
Adobe Flash malware also has the ability to be cross-platform, infecting everything from desktops to smartphones and anything else that runs Flash.  There are over 100 entries in the Open Source Vulnerability Database, many that allow remote code execution on a victims computer.
 +
 +
Adobe Flash is constantly being used as a delivery mechanism for malware.  Hackers (malicious programmers) are taking advantage of flaws in the fundamental design of Flash in ways that cannot be anticipated.  Like ActiveX, QuickTime, and other browser components, Flash has had its share security vulnerabilities.  Experts now believe that Flash has had more total serious vulnerabilities than both ActiveX and Quicktime put together. 
 +
 +
The problem with Flash is its absence of controls to disable behavior like Web site redirection.  End users have no control over what's offered in Flash.  There is nothing the end-user can do to avoid the malicious behavior other than disable the Flash plugin.  If Flash is installed on your system it can be hijacked.
  
 
== Get Adobe Flash and Reader without GetPlus in Firefox ==
 
== Get Adobe Flash and Reader without GetPlus in Firefox ==

Revision as of 17:04, 19 January 2011

Adobe Flash (formerly Macromedia Flash) or Adobe Flash Player is a large weight, runtime environment for multimedia platform development that is popular for adding animation and interactivity to web pages. It can be used to add animation, video, and interactivity to web pages.

History

FutureSplash Animator, developed by young Jonathan Gay, was the first version of Flash. He created the program in 1995 and tried to entice Adobe. Adobe was unimpressed and passed on the software at that time. FutureSplash animator was first offered to the general public in 1996. By 1997 Macromedia had acquired the program From Gay and the program was renamed Flash. It was even known as Shockwave Flash for a period before a better distinction was made clear. In 2005 Adobe bought out Macromedia, which now put Flash into their hands.

Shockwave vs Flash

Both browser apps are the property of Adobe. The terms Shockwave and Flash are sometimes used interchangeably, or even as a phrase "shockwave flash." Although the differences are confusing, or even seemingly subtle to many, they are two different apps.

Shockwave, as a definitive plugin, was released before the Flash plugin. In 1995 while Flash was still known by another name, Shockwave was being used as a way to play back multimedia content, animation and small programs in a Web page.

Shockwave is more powerful than Flash. Shockwave includes a full 3D playback environment that uses 3D software and hardware, which is why Shockwave is used for a lot of 3D games on the Web. Shockwave can also incorporate Flash content inside Shockwave applications.

Macromedia adapted Flash from Future Splash Animator, a vector art animation program. Macromedia adapted Flash to utilize less bandwidth at the time since it was intended for use on Internet dial up connections. Since then the small Flash footprint has been "stamped out" since Flash today is bloatware full of patches, too many little used features, and copyright protection schemes.

Flash is still considered to be less bandwidth intensive than Shockwave. Flash is more universal. More than 90 percent of Web users have the Flash plug-in installed, while a little less than 60 percent have the Shockwave plug-in.

However, confusion is perpetuated by the SWF file format (filename.swf) or Shockwave Flash file format. This is the extension for Flash files for playback using the Adobe Flash Player plugin. Because adobe was originally known as Shockwave Flash, the file extension was an acronym for that name.

Mime type: application/x-shockwave-flash, application/x-shockwave-flash2-preview, application/futuresplash, image/vnd.rn-realflash

Criticisms of Adobe Flash

Websites that heavily use Flash suffer from loss of web browser standard functionality. Some Flash designers use meta refreshes or other tricks to disable browser’s Back button. As the famous usability expert Jacob Nielsen says, ‘Back button is the second most important navigation element after hyperlinks’. Flash also negatively impacts things like selecting text, scrollbars, form control and right-clicking, making these act differently than with a regular HTML webpage.

Mouse wheel scrolling is impacted by the presence of Flash on a web page. In many browsers, it is not possible to scroll a web page with the mouse while the cursor is held over flash content. Scrolling with the arrow keys may require a click on the page outside the flash.

In Windows, Shockwave/Flash (.swf) files cannot be right-clicked and saved. Greedy companies use this as a way to limit access to information on the Internet, thus placing speed bumps on the Information Superhighway. On photo sharing websites such as Webshots, a Flash overlay exists over the initial photo displayed, requiring a second click to retrieve the photo, slowing the experience considerably.

Flash can be used to store data about you when you browse the web, much like cookies, but much more secretly and extensively. You can easily clear your browser cookies, but the data Flash saves can be hard to locate, if not impossible for most users.

The issue of insanely poor security in the Flash Player is a subject matter all on its own.

Lack of Security

Adobe Flash seems to be vulnerable to an endless string of malware. Adobe products, especially FlashPlayer, Shockwave Player and Adobe (PDF) Reader, have had some serious security holes (vulnerabilities) that hackers that code viruses exploit to infect people's computers.

Adobe Flash malware also has the ability to be cross-platform, infecting everything from desktops to smartphones and anything else that runs Flash. There are over 100 entries in the Open Source Vulnerability Database, many that allow remote code execution on a victims computer.

Adobe Flash is constantly being used as a delivery mechanism for malware. Hackers (malicious programmers) are taking advantage of flaws in the fundamental design of Flash in ways that cannot be anticipated. Like ActiveX, QuickTime, and other browser components, Flash has had its share security vulnerabilities. Experts now believe that Flash has had more total serious vulnerabilities than both ActiveX and Quicktime put together.

The problem with Flash is its absence of controls to disable behavior like Web site redirection. End users have no control over what's offered in Flash. There is nothing the end-user can do to avoid the malicious behavior other than disable the Flash plugin. If Flash is installed on your system it can be hijacked.

Get Adobe Flash and Reader without GetPlus in Firefox

To avoid the Adobe GetPlus DLM Vulnerability, you must be careful how you install or update the Adoble Flash Player plugin. Steps to avoid this spyware is covered on the Adobe GetPlus DLM Vulnerability page.