navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Do the Security Settings on Adobe website need checking???

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 10.x

This thread has been marked as locked.
taffy078 Do the Security Settings on Adobe website need checking???
Contributor 30th Jul, 2010 15:26
Ranking: 408
Posts: 1,352
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
Last edited on 30th Jul, 2010 15:27

There's a constant stream of new threads posted here about Adobe Flash and the like. I imagine that many (most?) of us have had problems with it and have used Maurice Joyce's procedures to resolve them.

In one of the most recent threads, Wolfgang Gagla talked of "harrassment" - link here:

http://secunia.com/community/forum/thread/show/487...

And now, I've just read about a USA lawsuit concerning restoration of deleted cookies /zombies in this BBC article, an extract from which is shown below:

http://www.bbc.co.uk/news/technology-10787882

So should I be worried/concerned? In particular:

(1) Should all PC-users immediately rush off to the Adobe website & check/change the security settings?

(2) As there is no way that the Auto-Update in PSI TP could do this, is there a need for Secunia to have a sticky comment on the Auto-Update screen?

(3) Or am I over-reacting?

*************************

Graham Cluley, senior technology consultant at the internet security firm Sophos, says that the source of the trouble was Adobe Flash itself, which he called "one of the weirdest programs on the planet".

"I think it's highly unlikely that these large companies have abused Flash cookies - which are different from browser cookies - with malicious intent," he said.

"I think it's much more likely that the vast majority of users are simply oblivious to the bizarre way in which Adobe allows them to configure the software."

While traditional browser cookies can be deleted from a users computer, either through an automatic purge or manual removal, the security settings for Flash are hosted on Adobe's own website, rather than your own computer.

Mr Cluley said that these settings are changed by logging onto Adobe's website, right-clicking on a Flash object and selecting "Global Settings" and then adjusting the security settings via the "Global Privacy Settings" panel.


"It would be unfair to say that the companies running the websites are at fault, in my opinion," he said.

"Surely if they are guilty then so are the web users who chose to run Flash with these settings, and Adobe themselves who chose such a peculiar and downright odd way to configure their software."


--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003

mogs RE: Do the Security Settings on Adobe website need checking???
Expert Contributor 30th Jul, 2010 15:52
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
I don't think you're over-reacting taffy....it's as well to draw attention to the matter...create awareness....possibly lots of people havn't even checked their Adobe settings.
I've read other articles concerning Monster cookies.....again I think it is worthwhile at least doing a regular weekly check. That's one thing I really appreciate in Chrome...they're easy to keep an eye on.
It's very important to deal with a growing paranoia ?!

--
Was this reply relevant?
+0
-0
Maurice Joyce RE: Do the Security Settings on Adobe website need checking???
Handling Contributor 30th Jul, 2010 16:12
Score: 11830
Posts: 9,072
User Since: 4th Jan 2009
System Score: N/A
Location: UK
My thread on Flash tells U exactly what to do as an option extra. This has always been an issue.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
taffy078 RE: Do the Security Settings on Adobe website need checking???
Contributor 30th Jul, 2010 16:24
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
thanks Maurice.

From when you helped me, I particularly remember your advice re Adobe's Download Manager but, being honest, the above issue never hit me between the eyes.

Should anyone wish to refresh their memories, Maurice, can you confirm please that this is the Flash item to which you refer?


http://secunia.com/community/forum/thread/show/486...

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+2
-0
Maurice Joyce RE: Do the Security Settings on Adobe website need checking???
Handling Contributor 30th Jul, 2010 16:28
Score: 11830
Posts: 9,072
User Since: 4th Jan 2009
System Score: N/A
Location: UK
This is my normal advice on Flash.

UPDATING STANDALONE ADOBE FLASH
===============================
Works with Windows XP,Vista & Windows 7 - 32 & 64 Bit systems.

If U have PSI version 1.9.0.2 installed have U tried the auto update feature?

OR

To successfully install Adobe Flash go here:
http://www.filehippo.com/download_flashplayer_ie/

& then here if U have any Gecko based (Firefox etc) browsers.

http://www.filehippo.com/download_flashplayer_fire...

The latest version is:10.1.53.64

1. Download & SAVE it to desktop.
2. The installer will appear on the desk top. Before agreeing to install check these programmes are closed:
a. All Browsers.
b. PSI.
c. Windows Messenger.
d. Incredimail.
e. Adobe Free Reader.

3. The new install will then remove all old files during the update process.
4. Complete a PSI rescan & all should be in order.
5. Delete the Flash installer from the desktop.

POSSIBLE PROBLEMS.
++++++++++++++++++

If U failed to complete 2. above U may well find PSI still shows a vulnerability on the rescan.

SOLUTION

1. Double check all items listed in 2. above are closed.
2. Navigate to:
32 Bit Systems - C:\Windows\system32\Macromedia\Flash
64 Bit Systems - C:\Windows\sysWOW64\Macromedia\Flash

In these locations U may well find these entries:
FLASH10D or E.OCX - Right click & delete it/them.
FLASH10H.OCX - The latest version which should be retained.


SOLUTION 2

1. Check the path to the vulnerability.

If PSI has found elements of Flash in the C:\i386 folder or on any drive other than C that is an OEM reinstallation partition (normally D drive) or a drive U use solely to backup your work U can safely create an ignore rule. It may also be in the Recycle Bin.

OPTIONAL EXTRA'S
++++++++++++++++

Security. (Fairly important if U care to check what Adobe attempt to store on a PC)
Adobe also have a very bad habit of changing your Flash settings each time they plug vulnerabilities. To change the security settings to your liking & regain control of your PC click here:

http://www.macromedia.com/support/documentation/en...

Click each tab U see & change the settings to your security requirements.

Bloat ware.(Very important if U dislike totally useless programmes installed on your PC)
If you used the Adobe site, rather than FileHippo to update you will also find they try or have installed an unnecessary Download Manager.

It is bloat ware by a third party Company called NOS. If found I would uninstall it via Add/Remove.

If this post has solved your problem could you please select the ACCEPT option. This will lock the thread and stop you & I from receiving unnecessary update emails.

Update 12 18:07 22/07/2010





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
ddmarshall RE: Do the Security Settings on Adobe website need checking???
Dedicated Contributor 30th Jul, 2010 16:36
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It is more relevant to look at this part of the Settings Manager:
http://www.macromedia.com/support/documentation/en...

That will tell you which websites have stored anything on your computer. If you change things, like disallowing third party content, you might find some websites no longer work as before.

The BBC article implies that your settings and data are stored on an Adobe website. This isn't true. The settings and data are stored on your computer. Because the Flash Player doesn't have a user interface, you have to go via the website to access them. You can also use CCleaner to get rid of the data without all the messing about.

There's a bit more explanation of what they have been doing here:

http://www.zdnet.com/blog/btl/big-media-sites-sued...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
wr RE: Do the Security Settings on Adobe website need checking???
Contributor 30th Jul, 2010 20:49
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
If you use Firefox & want to keep a check on
the 'Super Cookie'- download & install Better Privacy
add-on from Nettie Cat here: http://netticat.ath.cx/extensions.html

Hope this helps.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.2.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+