Changes

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search

Adobe Flash Player

6,319 bytes added, 04:17, 26 November 2019
The following lines were added (+) and removed (-):
Websites that heavily use Flash suffer from loss of web browser standard functionality.  Some Flash designers use meta refreshes or other tricks to disable browser’s Back button. As the famous usability expert Jacob Nielsen says, ‘Back button is the second most important navigation element after hyperlinks’.Websites that heavily use Flash suffer from loss of web browser standard functionality.  Some Flash designers use meta refreshes or other tricks to disable browser’s Back button. As the famous usability expert Jacob Nielsen says, ‘Back button is the second most important navigation element after hyperlinks’.  Flash also negatively impacts things like selecting text, scrollbars, form control and right-clicking, making these act differently than with a regular HTML webpage. Mouse wheel scrolling is impacted by the presence of Flash on a web page.  In many browsers, it is not possible to scroll a web page with the mouse while the cursor is held over flash content. Scrolling with the arrow keys may require a click on the page outside the flash.   In Windows, Shockwave/Flash (.swf) files cannot be right-clicked and saved.  Greedy companies use this as a way to limit access to information on the Internet, thus placing speed bumps on the Information Superhighway.  On photo sharing websites such as Webshots, a Flash overlay exists over the initial photo displayed, requiring a second click to retrieve the photo, slowing the experience considerably. Flash can be used to store data about you when you browse the web, much like cookies, but much more secretly and extensively.  You can easily clear your browser cookies, but the data Flash saves can be hard to locate, if not impossible for most users.   The issue of insanely poor security in the Flash Player is a subject matter all on its own.  Many security issues could be addressed if Adobe would allow the various features of Flash to be selectable, on and off, by users much the same as MSIE Internet zone security allows.  Flash has no mentionable configuration option for users.  It is pretty much all or nothing. Flash has become the instrumental of an ever increasingly crafty way of bombarding the browsing experience with commercial advertisements and popups.  Most popup blockers are useless against popups opened by Flash.  Flash can open popups, redirect your browser, and force execution of adware without user permission.Adobe Flash malware also has the ability to be cross-platform, infecting everything from desktops to smartphones and anything else that runs Flash.   Adobe Flash malware also has the ability to be cross-platform, infecting everything from desktops to smartphones and anything else that runs Flash.  There are over 100 entries in the Open Source Vulnerability Database, many that allow remote code execution on a victims computer. Adobe Flash is constantly being used as a delivery mechanism for malware.  Hackers (malicious programmers) are taking advantage of flaws in the fundamental design of Flash in ways that cannot be anticipated.  Like ActiveX, QuickTime, and other browser components, Flash has had its share security vulnerabilities.  Experts now believe that Flash has had more total serious vulnerabilities than both ActiveX and Quicktime put together.   The problem with Flash is its absence of controls to disable behavior like Web site redirection.  End users have no control over what's offered in Flash.  There is nothing the end-user can do to avoid the malicious behavior other than disable the Flash plugin.  If Flash is installed on your system it can be hijacked. === Hackers Use Flash to Take Control of your Computer === In June of 2010 security experts announced on a flaw in Adobe Flash and Acrobat Reader that gives malicious hackers control of victims' computers. They advise the industry stop using Adobe Flash and look to alternatives such as HTML5 as the future of Web video.  The flaw discovered in Adobe flash could be used to crash a victim's PC and let hackers take over the machine.   The very serious flaw is labeled CVE-2010-1297 and exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows and Macintosh.  An attacker simply creates a malicious SWF file and embeds it in a web page waiting for someone to visit the page, much like a Venus fly trap waits for a fly to land.   Symantec has named the exploit "Trojan.Pidief.J." and says the exploit drops a back door Trojan onto a victim's computer if the computer has one of the affected Adobe products installed.  Symantec also spotted an attack using a malicious SWF file. The attack is used in conjunction with an HTML file to download another piece of malware from the Internet they call "Backdoor.Trojan."  Victims could be hit when they visit a web site that looks completely harmless. == Adobe Flash Full Installer == === Automatic Update Warning === In the past, Adobe has used malware in an attempt to control plugin access and updates.  The malware was known as GetPlus, a so-called software updater.  Although Adobe abandoned GetPlus after overwhelming criticism from the Internet community, some versions of GetPlus still exist.  To avoid the [[Adobe GetPlus DLM Vulnerability]], you must be careful how you install or update the Adoble Flash Player plugin.  Steps to avoid this spyware is covered on the [[Adobe GetPlus DLM Vulnerability]] page.   Adobe still uses an automatic update (2015) which although is not GetPlus, it is capable of adding [[PUP]] malware addons in the future if Adobe Corp so chooses to do that to your computer.  Keep in mind that they installed the GetPlus malware on thousands of customer computers without warning.  For this reason we recommend you disable automatic updates from Adobe and manually install each Flash update using the full Adobe installer. === Full Installer vs Online Installer === The regular installer on their customer website uses a small program to pull Adobe Flash from over the Internet during installation.  It is preferable to use a traditional full installer which can be downloaded in its entirety for installation.  The full installer, once downloaded, does not require an active Internet connection to update Flash player, and can be stored on removable storage for use installing on other computers which may not have an Internet connection.  Rather than using the Adobe installer, it is recommended you use the '''[[Adobe Flash Player Full Installer]]'''.  Each time you install or update [[Adobe Flash Player]] with the full installer, you need to remember to Tell Adobe Flash '''NOT TO AUTO INSTALL UPDATES'''.  You will note that this is step #3 in the [[Adobe Flash Player Full Installer]] guide.  If you accidentally skip step #3 you can always go to the Global Settings of Flash Player and change the option, ''see below''. === How to disable Automatic Updates === {{:Adobe Flash Player- How to disable Automatic Updates}} == Determine Flash Version == The Adobe web site has a tool that will display the current version of Flash Player on your system.* http://www.adobe.com/software/flash/about/ == Install / Update Adobe Flash == Mozilla Firefox users on Microsoft Windows should use the [[Adobe Flash Player Full Installer]].   == Get Adobe Flash and Reader without GetPlus in Firefox ==For Linux users [[Install Update Flash Plugin Ubuntu]] demonstrates the process for Debian based distributions.To avoid the [[Adobe GetPlus DLM Vulnerability]], you must be careful how you install or update the Adoble Flash Player plugin.  Steps to avoid this spyware is covered on the [[Adobe GetPlus DLM Vulnerability]] page.See also: All pages relating to [http://wiki.robotz.com/index.php?title=Special%3ASearch&search=Adobe+Flash&go=Go Adobe Flash Player][[Category:Security]]