Adobe Hopes Pop-up Warnings Will Stop Office-Borne Flash Attacks 125
tsamsoniw writes "In the wake of the most recent zero-day attacks exploiting Flash Player, Adobe claims that it's worked hard to make Player secure — and that most SWF exploits stem from users opening infected Office docs attached to emails. The company has a solution, though: A forthcoming version of Flash Player will detect when it's being launched from Office and will present users with a dialog box with vague warnings of a potential threat."
Re:Clever move (Score:2, Informative)
The "vague" warning on Office 2008 or earlier is below. The default is do not allow content to play. It's inline with other generic warnings so let's try to keep the FUD to a minimum.
Also, Office 2010 has a Protected Mode sandbox. If it's from the Internet or Untrusted Zone the Protected View feature prevents it from running by default.
"This document contains embedded content that may be harmful to your computer.
Choose from one of the following options:
- Do not allow content to play (Recommended).
- I recognize this content. Allow it to play."
Re:Just remove Flash from office machines (Score:5, Informative)
Genuinely interested... what would you use Flash for in an office? Not counting people who develop Flash games for work, since they ought to be clueful enough not to get pwned.
At least in the medical field, every damned 'training' company, every manufacturer, every news site uses Flash. And uses it poorly. But it's not going away any time soon.
Re:"Just show me auntie's e-card!" (Score:5, Informative)
Macro viruses were annoying also. For awhile Word/Excel gave you only one check box in security prefs, to pop a dialog when a document contained macros. (you could not disable them, only turn on the dialog)
Then when the user opened a doc with a macro (or more often, a virus) it would pop and give just TWO options... (A) open and run macros, or (B) do not open.
Gotta love microsoft for that one. Took them insane ages to add the (C) Open with macros disabled. Until then we had to deal with the "but I HAD to open it" people. But then I could continue to bash on them for not having a "flush macros" button anywhere, and the ability to create a "hidden" macro, and every macro virus creator's all-time-favorites, the "run on open" and "copy macro to other closed document" options. But that's drifting somewhat OT.
Minitube does not use the Flash Player (Score:2, Informative)
http://flavio.tordini.org/minitube [tordini.org]
Linux, Mac OS X, Windows
"Light on your computer. By consuming less CPU, Minitube preserves battery life and keeps your laptop cool. That's because Minitube does not use the Flash Player.
High Definition. Minitube plays HD videos up to 1080p. Go full-screen and watch them play smoothly.
1-Click Downloads. Download your favorite clips to your computer and put them on your portable device. Downloaded files are in MPEG4 format which is compatible with most devices, including Apple ones.
Stop fiddling. Just search for something. Minitube automatically plays videos one after another. Sit back and enjoy."
http://packages.ubuntu.com/quantal/minitube [ubuntu.com]
http://packages.debian.org/sid/minitube [debian.org]
Re:Minitube does not use the Flash Player (Score:2, Informative)
for Linux - it should be posted on their site.
Even more importantly, where is the source code for Adobe Flash?
Re:Separate the code and the data (Score:5, Informative)
While that may be true for flash specifically, the number of people who embed complex programming scripts into word documents is incredibly large. I've never worked for a company which didn't have some bizarre use for it.
A small Pizza joint used a complicated array of javascript to automate their ledgers which were kept in an excel file rather than an accounting program.
A biscuit factory I worked for actually managed to turn a very large collection of excel files into a rudimentary database with an insanely complicated set of scripts embedded in each file. This surprisingly worked, though you pushed a button and it would open many files in excel at once and the computer ground to a halt while computing the necessary ingredients for the next batch.
Now I work for a large fortune 500 company and every word document is embedded with complicated scripting to automagically update footers and synchronise with a 3rd party document management system.
While I haven't seen flash specifically it is not at fault here security wise, embedding programming languages into content files is, and that is incredibly common.
Oh god, this is marked insightful (Score:3, Informative)