Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Adobe Flash Player Applications : How secure are they ?

Reply
Thread Tools

Adobe Flash Player Applications : How secure are they ?

 
 
=?ISO-8859-1?Q?R=F4g=EAr?=
Guest
Posts: n/a
 
      07-09-2007
pokhara67 wrote:

> no probs. any thoughts on the security or otherwise of embedded flash
> applications ?


I will from time to time allow flash events on my machine, as opposed to
Active X (someone else was asking about its security). But I'd rather
not have to have things running that can have a mind of their own. You
have to trust the website author and I'm just not that trusting most of
the time.
 
Reply With Quote
 
 
 
 
pokhara67
Guest
Posts: n/a
 
      07-10-2007
On Jul 9, 11:23 pm, Rgr <(E-Mail Removed)> wrote:
> pokhara67 wrote:
> > no probs. any thoughts on the security or otherwise of embedded flash
> > applications ?

>
> I will from time to time allow flash events on my machine, as opposed to
> Active X (someone else was asking about its security). But I'd rather
> not have to have things running that can have a mind of their own. You
> have to trust the website author and I'm just not that trusting most of
> the time.


so what about something like this

www.sankey-music.com

it doesnt ask for permission to run it just runs.

there appears to be nowhere in firefox to control the behaviour of
adobe flash applications

 
Reply With Quote
 
 
 
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      07-10-2007
pokhara67 <(E-Mail Removed)> wrote:

>so what about something like this
>
>www.sankey-music.com
>
>it doesnt ask for permission to run it just runs.
>
>there appears to be nowhere in firefox to control the behaviour of
>adobe flash applications


Myself I don't care. There is a lot of good SWF files out (your
robot); and I like to see what's out "there".

I just keep the flash program updated, along with the other basic safe
guards.

If you want to disable flash you can do this within your browser or
uninstall flash. FireFox - Tools/options/Content/File Types
You can delete the entry or change how it is treated
(Opera you can have it do nothing, not FireFox)

A good practice is to use a HOSTS file, others have found the bad
sites to an extent and you can add any you don't wish to access.
http://someonewhocares.org/hosts/hosts - It will also keep you from
reading all the spam/ads on websites.
--

A KKK Nightmare (photo)
http://www.keithwhite.us/alabamaer.html
 
Reply With Quote
 
pokhara67
Guest
Posts: n/a
 
      07-10-2007
On Jul 10, 7:43 am, (E-Mail Removed) wrote:
> pokhara67 <(E-Mail Removed)> wrote:
> >so what about something like this

>
> >www.sankey-music.com

>
> >it doesnt ask for permission to run it just runs.

>
> >there appears to be nowhere in firefox to control the behaviour of
> >adobe flash applications

>
> Myself I don't care. There is a lot of good SWF files out (your
> robot); and I like to see what's out "there".
>

it isnt mine, it belongs to a producer of trash-techno music

> I just keep the flash program updated, along with the other basic safe
> guards.
>

What are the basic safeguards were flash applications are concerned ?
How do you prevent a flash application from behaving in a way you dont
like ?
Do flash applications have a builtin sandbox like java applets ?

 
Reply With Quote
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      07-10-2007
pokhara67 <(E-Mail Removed)> wrote:

>On Jul 10, 7:43 am, (E-Mail Removed) wrote:
>> pokhara67 <(E-Mail Removed)> wrote:
>> >so what about something like this

>>
>> >www.sankey-music.com

>>
>> >it doesnt ask for permission to run it just runs.

>>
>> >there appears to be nowhere in firefox to control the behaviour of
>> >adobe flash applications

>>
>> Myself I don't care. There is a lot of good SWF files out (your
>> robot); and I like to see what's out "there".
>>

>it isnt mine, it belongs to a producer of trash-techno music
>
>> I just keep the flash program updated, along with the other basic safe
>> guards.


>What are the basic safeguards were flash applications are concerned ?
>How do you prevent a flash application from behaving in a way you dont
>like ?



Anti-virus, regprot, and a bit of hopeful trust in MS.

MicroSoft writes a lot of corruptible code, to the point that SP2 has
a new feature called DEP (Data Execution Prevention). If a file causes
a buffer overflow DEP blocks the memory from being used, and killing
the program.

DEP is also a Hardware feature, Linux and OSX should be able to do the
same. http://technet.microsoft.com/en-us/l.../bb457155.aspx

But really I don't worry about SWF files, in your case I wouldn't let
this friend who made the claim near my computer

>Do flash applications have a builtin sandbox like java applets ?

In a way.
http://www.adobe.com/devnet/flash/ar...curity_04.html
"This section describes the various local sandboxes into which SWFs
are placed."

--

A KKK Nightmare (photo)
http://www.keithwhite.us/alabamaer.html
 
Reply With Quote
 
pokhara67
Guest
Posts: n/a
 
      07-10-2007
On Jul 10, 8:17 am, (E-Mail Removed) wrote:
> pokhara67 <(E-Mail Removed)> wrote:
> >On Jul 10, 7:43 am, (E-Mail Removed) wrote:
> >> pokhara67 <(E-Mail Removed)> wrote:
> >> >so what about something like this

>
> >> >www.sankey-music.com

>
> >> >it doesnt ask for permission to run it just runs.

>
> >> >there appears to be nowhere in firefox to control the behaviour of
> >> >adobe flash applications

>
> >> Myself I don't care. There is a lot of good SWF files out (your
> >> robot); and I like to see what's out "there".

>
> >it isnt mine, it belongs to a producer of trash-techno music

>
> >> I just keep the flash program updated, along with the other basic safe
> >> guards.

> >What are the basic safeguards were flash applications are concerned ?
> >How do you prevent a flash application from behaving in a way you dont
> >like ?

>
> Anti-virus, regprot, and a bit of hopeful trust in MS.
>
> MicroSoft writes a lot of corruptible code, to the point that SP2 has
> a new feature called DEP (Data Execution Prevention). If a file causes
> a buffer overflow DEP blocks the memory from being used, and killing
> the program.
>


Thanks but I dont use M$

> But really I don't worry about SWF files, in your case I wouldn't let
> this friend who made the claim near my computer
>

well if hes on my computer he wouldnt need a flash application.

> >Do flash applications have a builtin sandbox like java applets ?

>
> In a way.http://www.adobe.com/devnet/flash/ar...curity_04.html
> "This section describes the various local sandboxes into which SWFs
> are placed."
>

ok, now we are getting somewhere.
i must admit i dont understand that security model at all.


 
Reply With Quote
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      07-17-2007
pokhara67 <(E-Mail Removed)> wrote:

>a colleague at work suggested he could write a Flash application which
>could compromise a user's hard drive data.
>
>is this possible ?


It is now, you need to update your version if your still reading this
thread.

http://www.adobe.com/support/securit...apsb07-12.html

to list your version
http://www.adobe.com/products/flash/about/


--
Pagans are not happy about an enormous Homer Simpson
painted near an ancient image.
http://www.boingboing.net/2007/07/16...leased_wi.html
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: How include a large array? Edward A. Falk C Programming 1 04-04-2013 08:07 PM
Secure your digital information assets with Secure Auditor. SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:53 AM
Secure your digital information assets with Secure Auditor SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:52 AM



Advertisments