Adobe Flash Player Applications : How secure are they ?

Discussion in 'Computer Support' started by pokhara67, Jul 9, 2007.

  1. pokhara67

    pokhara67 Guest

    a colleague at work suggested he could write a Flash application which
    could compromise a user's hard drive data.

    is this possible ?
    pokhara67, Jul 9, 2007
  2. Report your colleague to Homeland Security.
    Rôgêr, Jul 9, 2007
  3. The answer to your question (however intelligent that was) is yes. Flash
    files can be malicious. Hell, I can write a batch file that will do away
    with all your data. Would I be successful? Depends on how stupid you
    are. Would it propagate? Depends on how smart I am.

    You are posting through AOL, which would normally indicate a US address.
    However, I'll grant you, there are stupid people in other countries.
    Rôgêr, Jul 9, 2007
  4. pokhara67

    pokhara67 Guest

    I know any kind of file can be malicious. I can program too.

    The question I should have posed was :

    Is it possible for a Flash Application to load in my browser (firefox
    on OSX and Linux ) and perform data reads/writes of my disk without my

    AOL in the UK is an excellent and cheap service. 30 dollars per month
    for unlimited usage and no censorship - that I have noticed.

    The only minor annoyance is that they don't have any newsservers,

    Apart from that their ADSL service has never been down once in 4
    pokhara67, Jul 9, 2007
  5. pokhara67

    Pennywise Guest

    Finding a flaw (buffer overflow) like this one and having it call Rôgêr's
    batch file - yea; it's finding that flaw that's the hard part.
    Pennywise, Jul 9, 2007
  6. Heh, I like the list of potential platforms affected. They didn't
    mention my Whirlpool microwave though.
    Rôgêr, Jul 9, 2007
  7. I hereby humbly apologize for comments I made. You seem to have some
    smarts. But as a side note, you are posting through AOL and Google
    Groups. You are at a double disadvantage going into the conversation,
    but you've shown that you aren't typical. So my apology stands, if
    you're willing to accept it.
    Rôgêr, Jul 9, 2007
  8. pokhara67

    pokhara67 Guest

    no probs. any thoughts on the security or otherwise of embedded flash
    applications ?
    pokhara67, Jul 9, 2007
  9. I will from time to time allow flash events on my machine, as opposed to
    Active X (someone else was asking about its security). But I'd rather
    not have to have things running that can have a mind of their own. You
    have to trust the website author and I'm just not that trusting most of
    the time.
    Rôgêr, Jul 9, 2007
  10. pokhara67

    pokhara67 Guest

    so what about something like this

    it doesn't ask for permission to run, it just runs.

    there appears to be nowhere in firefox to control the behaviour of
    adobe flash applications
    pokhara67, Jul 10, 2007
  11. pokhara67

    Pennywise Guest

    Myself I don't care. There are a lot of good SWF files out (your
    robot); and I like to see what's out "there".

    I just keep the flash program updated, along with the other basic safe

    If you want to disable flash you can do this within your browser or
    uninstall flash. Firefox - Tools/options/Content/File Types
    You can delete the entry or change how it is treated
    (Opera you can have it do nothing, not Firefox)

    A good practice is to use a HOSTS file, others have found the bad
    sites to an extent and you can add any you don't wish to access. - It
    will also keep you from reading all the spam/ads on websites.
    Pennywise, Jul 10, 2007
  12. pokhara67

    pokhara67 Guest

    it isn't mine, it belongs to a producer of trash-techno music
    What are the basic safeguards where flash applications are concerned ?
    How do you prevent a flash application from behaving in a way you don't
    like ?
    Do flash applications have a built-in sandbox like java applets ?
    pokhara67, Jul 10, 2007
  13. pokhara67

    Pennywise Guest

    Anti-virus, regprot, and a bit of hopeful trust in MS.

    Microsoft writes a lot of corruptible code, to the point that SP2 has
    a new feature called DEP (Data Execution Prevention). If a file causes
    a buffer overflow DEP blocks the memory from being used, and kills
    the program.

    DEP is also a Hardware feature, Linux and OSX should be able to do the

    But really I don't worry about SWF files, in your case I wouldn't let
    this friend who made the claim near my computer :)
    In a way.
    "This section describes the various local sandboxes into which SWFs
    are placed."
    Pennywise, Jul 10, 2007
  14. pokhara67

    pokhara67 Guest

    Thanks but I don't use M$
    well if he's on my computer he wouldn't need a flash application.
    ok, now we are getting somewhere.
    i must admit i don't understand that security model at all.
    pokhara67, Jul 10, 2007
  15. pokhara67

    Pennywise Guest

    Pennywise, Jul 17, 2007
