Looks like it is time to remove Macromedia Flash player plugins from your computers.

Discussion in 'Computer Security' started by Richard Johnson, Apr 2, 2005.

  1. Richard Johnson, Apr 2, 2005
    #1
    1. Advertising

  2. Richard Johnson

    Benny Guest

    If you use SpywareBlaster (a free prog- very useful), it gives the option of
    disabling existing versions of Flash on your computer, and preventing
    websites from installing it. I don't know about Flash installing malware-
    SpywareBlaster offers the option to protect you against unwanted advertising
    stuff, and does not suggest that Flash has any evil intentions.
    --
    Benny
    *******
    "Richard Johnson" <> wrote in message
    news:...
    >

    http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=74&e=5&u=/cmp/20050401/tc_cmp/160400719
    >
    > In short, they can put back cookies, and malware after you have deleted it
    > if you have the Flash player installed in your favorite browser. Just

    what
    > will they think of next?
    >
    >
    >
    Benny, Apr 2, 2005
    #2
    1. Advertising

  3. Benny:

    I don't think the folks that make flash player had this in mind, but now
    that it is known how to do it by using the other company's product, malware,
    spyware, as well as cookies will not be removable by the user. That to me
    is a VERY large problem. I have deleted Flash Player on my machines based
    upon this story. Until Macromedia allows me to modify it's security
    settings to fully disable this feature I am not installing it again. I also
    think that everyone should follow suit to prevent this type of security
    breach. (If a user wants no or limited cookies, spyware, or malware on
    their machine.) By the way, spyware removal tools won't get it off either.
    Flash players security issue allows malware to simply puts it back upon
    deletion as I understand the story.

    Rich
    "Benny" <> wrote in message
    news:d2kveb$h8l$...
    > If you use SpywareBlaster (a free prog- very useful), it gives the option

    of
    > disabling existing versions of Flash on your computer, and preventing
    > websites from installing it. I don't know about Flash installing malware-
    > SpywareBlaster offers the option to protect you against unwanted

    advertising
    > stuff, and does not suggest that Flash has any evil intentions.
    > --
    > Benny
    > *******
    > "Richard Johnson" <> wrote in message
    > news:...
    > >

    >

    http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=74&e=5&u=/cmp/20050401/tc_cmp/160400719
    > >
    > > In short, they can put back cookies, and malware after you have deleted

    it
    > > if you have the Flash player installed in your favorite browser. Just

    > what
    > > will they think of next?
    > >
    > >
    > >

    >
    >
    Richard Johnson, Apr 2, 2005
    #3
  4. See the following to block/remove shared objects.

    http://www.macromedia.com/support/f...ocal_shared_object/local_shared_object02.html

    --
    http://www.standards.com/; See Howard Kaikow's web site.
    "Richard Johnson" <> wrote in message
    news:...
    >

    http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=74&e=5&u=/cmp/20050401/tc_cmp/160400719
    >
    > In short, they can put back cookies, and malware after you have deleted it
    > if you have the Flash player installed in your favorite browser. Just

    what
    > will they think of next?
    >
    >
    >
    Howard Kaikow, Apr 2, 2005
    #4
  5. Richard Johnson

    Guest Guest

    "Richard Johnson" <> wrote in message
    news:...
    > http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=74&e=5&u=/cmp/20050401/tc_cmp/160400719
    >
    > In short, they can put back cookies, and malware after you have
    > deleted it
    > if you have the Flash player installed in your favorite browser. Just
    > what
    > will they think of next?
    >
    >
    >



    Visit http://www.macromedia.com/ or any site that shows Flash content.
    Right-click on the Flash content and select Settings. Click on the
    Folder icon button. Set their cache to zero and check the box to
    remember your setting. Flash uses its own cookie files which have the
    ..sol filetype.

    If the web page you visit with Flash content has disabled user
    configuration of some settings, visit Macromedia's online settings
    manager at
    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html
    (they have yet to deliver a seperate utility that you can run locally).
    Unlike UI applications that open their own window, the mouse cursor will
    not change when you hover over clickable objects in that web page; i.e.,
    you click on the tab buttons to change between panels but you won't see
    the mouse cursor change to indicate they are clickable. If you use the
    Website Privacy Settings panel (5th tab) to clear the Flash cookies
    (.sol files), not all are deleted as a file search will shows some still
    around, one of which retains the settings you configured.

    I use PopUpCop as my popup blocker (works better than the rest that I've
    trialed) but haven't yet managed to convince its author to include .sol
    files in its cookie whitelist feature (the author isn't familiar with
    Flash cookies enough to want to touch them yet).

    And what is with the deliberate scare tactic by the OP claiming the
    article says that Flash is going to be used to install malware? All it
    mentions is using a shared object to rebuild Flash cookies, but if you
    set the Flash caches to zero than you have no locally saved shared
    objects.

    --
    ____________________________________________________________
    Post your replies to the newsgroup. Share with others.
    E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
    ____________________________________________________________
    Guest, Apr 2, 2005
    #5
  6. Richard Johnson wrote:

    >

    http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=74&e=5&u=/cmp/20050401/tc_cmp/160400719
    >
    > In short, they can put back cookies, and malware after you have deleted it
    > if you have the Flash player installed in your favorite browser. Just
    > what will they think of next?


    I don't know about you guys but if someone is going to use me (and my pc)
    for marketing research, which they SELL, aren't we entitled to the money
    also? I am being serious, this should be a class action lawsuit...

    The shit gets installed on your PC, companies SELL the info taken from your
    pc and make millions. Basically, they view the PC users as nothing more
    than a resource to exploit...

    I SAY CLASS ACTION LAWSUIT! THINK ABOUT IT!!!!!!!!!!!!!!!


    Michael

    --

    "Microsoft isn't evil, they just make really crappy operating systems." -
    Linus Torvald
    Michael Pelletier, Apr 3, 2005
    #6
  7. Richard Johnson

    winged Guest

    Re: Looks like it is time to remove Macromedia Flash player pluginsfrom your computers.

    Richard Johnson wrote:
    > http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=74&e=5&u=/cmp/20050401/tc_cmp/160400719
    >
    > In short, they can put back cookies, and malware after you have deleted it
    > if you have the Flash player installed in your favorite browser. Just what
    > will they think of next?
    >
    >
    >

    Thanks for the article. I no longer use flash due as I noted that sites
    could bypass my cookie rules some time ago. This sounds even worse.


    I have also noted that Quick Time plug-ins can also plant cookies
    irrespective of contrary browser settings. While I may miss some sites
    who have chosen to flash enable their site, I will live without visiting
    those sites. I have quit using q-time as well, however of the 2 the
    Macromedia plug-in behavior has several issues and I consider it more of
    a threat.

    I am not against legitimate advertising, however those who believe I
    give up my right to control my asset because I happened to visit a site
    that had their banner is ludicrous. There are some vendors who have
    lost any possible future business with me due to their choice of
    behaviors when advertising on the net, or the behavior of their website.
    There are several car companies that when i tried researching their
    vehicles on the net for consideration, lost a potential customer.

    In the business setting, one should review the Macromedia license
    agreement very carefully. There is some very slippery language on both
    their network deployable as well as with the "free" plug-in. You may
    find that "free" plug-in very expensive if/when they decide to uphold
    that agreement. Our legal group has been negotiating with Macromedia
    for months trying to come up with an acceptable agreement, without
    resolution.

    One should be very careful as to what plug-ins they allow, the more you
    allow, typically opens up more avenues for compromise.

    Winged
    winged, Apr 5, 2005
    #7
  8. Richard Johnson

    donnie Guest

    donnie, Apr 6, 2005
    #8
  9. "donnie" <> wrote in message
    news:...
    > On Fri, 1 Apr 2005 16:14:10 -0800, "Richard Johnson"
    > <> wrote:
    >
    >
    >http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=74&e=5&u=/cmp/20050

    401/tc_cmp/160400719
    > >
    > >In short, they can put back cookies, and malware after you have deleted

    it
    > >if you have the Flash player installed in your favorite browser. Just

    what
    > >will they think of next?
    > >
    > >

    > ##########################
    > I block all cookies. Do I still need to get rid of Flash?


    No, see my post in this thread on how to block the shared objects.
    Howard Kaikow, Apr 6, 2005
    #9
  10. Richard Johnson

    winged Guest

    Re: Looks like it is time to remove Macromedia Flash player pluginsfrom your computers.

    bonnie wrote:
    > On Fri, 1 Apr 2005 16:14:10 -0800, "Richard Johnson"
    > <> wrote:
    >
    >
    >>http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=74&e=5&u=/cmp/20050401/tc_cmp/160400719
    >>
    >>In short, they can put back cookies, and malware after you have deleted it
    >>if you have the Flash player installed in your favorite browser. Just what
    >>will they think of next?
    >>
    >>

    >
    > ##########################
    > I block all cookies. Do I still need to get rid of Flash?
    > donnie

    Donnie,
    You don't mention how you block cookies however I have found cookies
    placed on a machine with Macromedia Flash irrespective of any browser
    cookie block. I have tested this with IE, Firefox and Avant. I have not
    tested the workaround that was mentioned was on the Macromedia site as I
    no longer run the product and no longer authorize it on work networks,
    though this is more related to the license involved on the plug-in.

    My users hate me...

    But I am retentive about products that expose me then reveal how to
    fix/configure things after it is publicized as an issue. This is not
    their first exploit. I suppose it depends on how much you feel you need
    the product (value added versus the potential exploit). All software
    opens the exploit window. Security is a balance of usability versus
    security and the risks you are willing to accept.

    Winged
    winged, Apr 6, 2005
    #10
  11. Richard Johnson

    bitch n moan Guest

    On 05 Apr 2005 08:51:01 EDT, winged <> wrote:


    >Thanks for the article. I no longer use flash due as I noted that sites
    >could bypass my cookie rules some time ago. This sounds even worse.
    >
    >
    >I have also noted that Quick Time plug-ins can also plant cookies
    >irrespective of contrary browser settings.



    Yeah I don't use either. Got tired of them the first time around back
    in the day.

    Cracks me up people use firefox and the first thing they do is load
    all these plug ins with this stuff.

    "Oh THIS isn't spyware, you're paranoid..."

    yeah right...


    >
    >
    >In the business setting, one should review the Macromedia license
    >agreement very carefully. There is some very slippery language on both
    >their network deployable as well as with the "free" plug-in. You may
    >find that "free" plug-in very expensive if/when they decide to uphold
    >that agreement. Our legal group has been negotiating with Macromedia
    >for months trying to come up with an acceptable agreement, without
    >resolution.


    Could you elaborate on the issues you find of concern there ?

    I hate the license gobblygookspeak. It's all crap. You load the
    software, you owe some troll your first born.
    bitch n moan, Apr 6, 2005
    #11
  12. Richard Johnson

    donnie Guest

    On 06 Apr 2005 01:17:09 EDT, winged <> wrote:

    >Donnie,
    >You don't mention how you block cookies however I have found cookies
    >placed on a machine with Macromedia Flash irrespective of any browser
    >cookie block.

    ###############################
    I use the custon security settings in IE.
    donnie
    donnie, Apr 7, 2005
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. pd
    Replies:
    1
    Views:
    645
    dantu
    Feb 9, 2004
  2. default
    Replies:
    26
    Views:
    59,018
    littlest_elf
    Aug 21, 2008
  3. Dennis Blackwell

    Macromedia Flash Player

    Dennis Blackwell, Jul 1, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    524
    paul s
    Jul 1, 2003
  4. Michael

    Re: macromedia Flash Player

    Michael, Jul 15, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    486
    Michael
    Jul 15, 2003
  5. james
    Replies:
    1
    Views:
    427
Loading...

Share This Page