[Computer security] Update your Adobe Flash Player. All browsers, all OSes.

mechBgon · Oct 15, 2008

If your computer has Adobe Flash Player installed, update to Adobe Flash Player 10 to eliminate major security issues with 9.0.124 and prior versions. Adobe's download page for Linux, Mac and Windows versions. Most people have Flash Player, so if you're not sure, you probably do.

I'd also encourage home users of Windows to run the Secunia Personal Software Inspector to find and eliminate vulnerabilities in stuff like QuickTime, RealPlayer, WinAmp, Adobe Reader and so on. This matters, so do it

Also, hit the Microsoft Update site a couple times to make sure that (1) you actually have the Microsoft Update engine (it's more comprehensive than the stock Windows Update engine), and (2) you've got all the October updates that came out yesterday.

For the Mac OS X crew, Apple recently released a major bundle of patches for OS X, so make sure your Mac is up-to-date on its patching too

Also check for security updates to your preferred web browser and other installed software, such as Adobe Flash Player, Adobe Reader, etc.

geepondy · Oct 15, 2008

Wonder why it says I have four different versions of java?

tvodrd · Oct 15, 2008

geepondy said:
Wonder why it says I have four different versions of java?

Bastids make you manually uninstall previous versions. I stumbled upon what seems like a very cool uninstaller called Revo Uninstaller. MechBgon, what do you think? I defer to you in such matters!

Larry

mechBgon · Oct 15, 2008

geepondy said:
Wonder why it says I have four different versions of java?

Yeah, the Sun Java Runtime installer doesn't remove the old versions when you install a new one*. See if you can uninstall the old versions via the usual Add/Remove Programs found in Control Panel.

edit: regarding the uninstaller mentioned above, I'm kinda paranoid about downloading and running utilities from sources I've never heard of, out of concern they might turn out to be Trojan Horses or backdoored software. So I would go with the manual Add/Remove Programs method if at all possible :tinfoil:

Big picture: Sun's Java is one of the more popular things to try to exploit (typically by a scripted attack in a malicious or hacked website), along with Adobe Reader, QuickTime, and Flash Player. Many people have no actual need for Java at all. So you might consider uninstalling all versions of Sun Java completely, and just wait until you see an actual need for it (for a concrete example, the US Government's official time page uses a Java applet to generate a time display).

Up-to-date Sun Java downloads can be found for all platforms (Linux, Mac and Windows) at http://java.sun.com/javase/downloads/index.jsp for those who need to get the latest version. To add Java capabilities to a home computer, what you'd be after is the Java Runtime Environment (JRE).

*It's worth noting that since JRE 1.5.06 (I think), the bad guys can no longer call up older versions of Java Runtime by request, even if they are still present on the system. Up until then, they could.

da.gee · Oct 15, 2008

I use Revo Uninstaller and would recommend it. Also use Secunia. My system comes out pretty secure except for Macromedia Flash which is installed in more than one place for different programs. I can't ever seem to get rid of it everywhere so I always get back a report that it is still vulnerable. Also reluctant to go whole hog and remove as it may disable some functionality in programs I depend on (Dreamweaver 8 specifically).

NA8 · Oct 16, 2008

mechBgon said:
If your computer has Adobe Flash Player installed,

Don't forget to pick up the OBJECTION plug in for the Firefox browser. I downloaded Firefox just to run OBJECTION every day. I use Opera as a browser so don't feel obligated to actualy browse with it.

Why OBJECTION ? Doesn't everyone know ?

http://en.wikipedia.org/wiki/Adobe_..._Privacy.2FPersistent_Identification_Elements

TooManyGizmos · Oct 16, 2008

I didn't see OBJECTION mentioned in that link ?

So I still don't understand what you mean .

.

NA8 · Oct 16, 2008

Ooops.

Well, that's where you start, but you'd want to go to this link from that page:

http://en.wikipedia.org/wiki/Local_Shared_Object

and then this one:

http://en.wikipedia.org/wiki/Local_Shared_Object#Firefox_Extension_.22Objection.22

I see now the original link was a bit of a stretch, even if the background information is useful.

My bad. :stupid:

On the bright side, the plug-in itself is real easy to use.

geepondy · Oct 16, 2008

With Secunia, it says I have a lot of office products not up to date? I thought the windows update would take care of that automatically, no?

Also I hope using end of life programs is not dangerous. I have a few of those. I use an old version of ACDsee version 2.1 strictly for viewing pictures, reason being it opens up an an instant. All the newer graphic programs are so loaded with fluff that they all have to load a bunch of crap before opening. Maybe fine for editing purposes but not for just viewing pictures.

orbital · Oct 16, 2008

mechBgon said:
Yeah, the Sun Java Runtime installer doesn't remove the old versions when you install a new one*. See if you can uninstall the old versions via the usual Add/Remove Programs found in Control Panel.

edit: regarding the uninstaller mentioned above, I'm kinda paranoid about downloading and running utilities from sources I've never heard of, out of concern they might turn out to be Trojan Horses or backdoored software. So I would go with the manual Add/Remove Programs method if at all possible :tinfoil:

Big picture: Sun's Java is one of the more popular things to try to exploit (typically by a scripted attack in a malicious or hacked website), along with Adobe Reader, QuickTime, and Flash Player. Many people have no actual need for Java at all. So you might consider uninstalling all versions of Sun Java completely, and just wait until you see an actual need for it (for a concrete example, the US Government's official time page uses a Java applet to generate a time display).

Up-to-date Sun Java downloads can be found for all platforms (Linux, Mac and Windows) at http://java.sun.com/javase/downloads/index.jsp for those who need to get the latest version. To add Java capabilities to a home computer, what you'd be after is the Java Runtime Environment (JRE).

*It's worth noting that since JRE 1.5.06 (I think), the bad guys can no longer call up older versions of Java Runtime by request, even if they are still present on the system. Up until then, they could.

+

Most interested in how this effects the new Firefox 3.1 beta.
I'v been using it since last night and the speed increase is quite noticeable!
Much of the speed gains are from how Java is processed/not processed....hmmm

edit: Manual Flash settings(you may delete and disable)~ http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

mechBgon · Oct 16, 2008

geepondy said:
With Secunia, it says I have a lot of office products not up to date? I thought the windows update would take care of that automatically, no?

This is one reason I suggested upgrading from Windows Update to Microsoft Update. It gets you updates for Office and Works software, as well as other Microsoft software that doesn't come with Windows itself. To get the Microsoft Update engine, hit http://update.microsoft.com and that'll get you started.

Note that if you have Office service packs to install, there'll be some additional patches to get after you're up to the latest Service Pack, so keep going back until it comes up clean. After that, Automatic Updates should keep you topped off

Also I hope using end of life programs is not dangerous. I have a few of those.

It could be dangerous if there are exploitable weaknesses in the EOL software. For example, I have a couple licenses for WinZip 9. There are exploitable vulnerabilities in WinZip 9, and it's EOL. The bad guys do attempt to exploit it using scripted attacks. I switched to something else.

If you're interested in advanced countermeasures against exploits (known and unknown), setting up a non-Admin user account and optionally a Software Restriction Policy are great security enhancements if they'll work for your needs

On non-Windows systems, using a low-privilege user account for daily-driver stuff is similarly beneficial.

Much of the speed gains [in FireFox 3.1] are from how Java is processed/not processed....hmmm

Java, or JavaScript? They're different, and you don't need Java in order to use JavaScript. Not many web pages actually use Java.

orbital · Oct 16, 2008

+

I looked over it rather quick, its JavaScript.

NA8 · Oct 16, 2008

geepondy said:
I use an old version of ACDsee version 2.1 strictly for viewing pictures, reason being it opens up an an instant. All the newer graphic programs are so loaded with fluff that they all have to load a bunch of crap before opening. Maybe fine for editing purposes but not for just viewing pictures.

I'm using ACDsee ver 2.42. It seemed to work best with win2k and supports .tif also (some versions don't). You can try various versions here:

http://www.oldversion.com/

Hmmm.. probably doesn't open as fast though, looks like v2.1 is pretty small.

ACDSee 2.1 (0.6 MB)
ACDSee 2.22 (0.9 MB)
ACDSee 2.4 (1.9 MB)
ACDSee 2.42 (1.9 MB)
ACDSee 2.43 (1.6 MB)

ACDSee 8.0 (12.1 MB)
ACDSee 8.1 (24.2 MB) a little bloat here.

geepondy · Oct 16, 2008

MechBgon, are you a believer in anti-bot programs such as Norton Anti-bot? (anyone else can comment as well)

Incidentally I did all the critical office patches and Secunia still says I have six office insecurities.

Catapult · Oct 17, 2008

This doesn't apply to all browsers or OSs. Only the those that are supported.

mechBgon · Oct 17, 2008

geepondy said:
MechBgon, are you a believer in anti-bot programs such as Norton Anti-bot? (anyone else can comment as well)

Not really, no. It's like expecting an outbound firewall to stop malware. If malware is already resident on the system, all bets are off. Prevention is the name of the game, IMO.

This doesn't apply to all browsers or OSs. Only the those that are supported.

What I meant is that if you have Adobe Flash Player installed, you should update, regardless of what browser(s) and OS you use. If you don't have Flash Player because your platform isn't supported, then that's one less piece of software you have to maintain :twothumbs

Catapult · Oct 18, 2008

mechBgon said:
What I meant is that if you have Adobe Flash Player installed, you should update, regardless of what browser(s) and OS you use. If you don't have Flash Player because your platform isn't supported, then that's one less piece of software you have to maintain :twothumbs

I do have Adobe Flash Player installed. It looks like Adobe dropped support for a number of OSs in their latest version, including Win98SE, unfortunately, so I can't update.

mechBgon · Oct 18, 2008

Catapult said:
I do have Adobe Flash Player installed. It looks like Adobe dropped support for a number of OSs in their latest version, including Win98SE, unfortunately, so I can't update.

Oh, I see. As you probably know, Win98 SE itself no longer gets security updates, so if computer security is something you want, maybe see about upgrading to at least Windows 2000, which is a major step forward in security and will be supported through 2011. Or another OS of your choice. Otherwise, the threat of clickjacking, malvertisement exploits and clipboard hijacks via Adobe Flash Player will just be the tip of your insecurity iceberg :ohgeez:

I'd consider having a Win98 box around to run old, old games on, but I wouldn't let it out onto the Internet at this point.

sunspot · Oct 19, 2008

Thank you mechBgon. I ran the Adobe Flash update and ran the Secunia PSI.

my Apple Quick Time and Maromedia Flash Player are at EOL. Are they needed? I can't find them on my Remove Programs list. Do you have any advice on what to do?

mechBgon · Oct 19, 2008

sunspot said:
Thank you mechBgon. I ran the Adobe Flash update and ran the Secunia PSI.

my Apple Quick Time and Maromedia Flash Player are at EOL. Are they needed? I can't find them on my Remove Programs list. Do you have any advice on what to do?

Glad to help

Nope, you don't need the obsolete versions, just the latest ones.

To fix your EOL Flash Player, you could try the Adobe Flash Player uninstaller which is listed near the top of this page.

Afterwards, run the Secunia checkup to see if you've successfully gotten rid of the EOL Flash Player version that it was complaining about. Once that's done, you can install the latest version of Flash Player and you're all set

Note: on Windows, you could have two Flash Players installed: one for Internet Explorer, one for FireFox/Mozilla/Netscape/Opera. So if you run the uninstaller, you'd need to reinstall both versions of Flash Player afterwards to have Flash in both families of web browsers.

Alternately, you can manually delete the offending obsolete Flash file. Secunia will help you find it. Click the folder icon circled here:

The location of the file will be opened, and you should be able to delete it. In the case of Flash Player 6.x, the file you want to delete is flash.ocx.

For the EOL QuickTime Player, there's no official uninstaller that I'm aware of, so again, just use the manual approach.

Hope that helps

[Computer security] Update your Adobe Flash Player. All browsers, all OSes.

Enlightened

Flashlight Enthusiast

*Flashaholic* ,

Enlightened

Enlightened

Flashlight Enthusiast

Flashlight Enthusiast

Flashlight Enthusiast

Flashlight Enthusiast

Flashlight Enthusiast

Enlightened

Flashlight Enthusiast

Flashlight Enthusiast

Flashlight Enthusiast

Enlightened

Enlightened

Enlightened

Enlightened

Flashlight Enthusiast

Enlightened

Similar threads

Flashaholic ,