Adobe Hopes Pop-up Warnings Will Stop Office-Borne Flash Attacks 125
tsamsoniw writes "In the wake of the most recent zero-day attacks exploiting Flash Player, Adobe claims that it's worked hard to make Player secure — and that most SWF exploits stem from users opening infected Office docs attached to emails. The company has a solution, though: A forthcoming version of Flash Player will detect when it's being launched from Office and will present users with a dialog box with vague warnings of a potential threat."
"Just show me auntie's e-card!" (Score:3, Interesting)
"This document contains macros which may harm your computer. Do you wish to allow them to run?" (Clicks "Yes" blindly.)
Some (or maybe all...IDK) Word documents that were actually templates contained macros in the absence of an actual wizard. This meant that in versions of Office that recognized the security hazard, you got a pop-up before the document actually opened. I personally clicked "Yes" or "Open Anyway" or "Allow" or whatever it said without even bothering to read it because I usually got the document from a trusted source (as in someone I trust, not someone a company/corporation trusts using an actual whitelist/blacklist). I presume many got tired of seeing the message as I did, and they did the same thing. Similar events will probably happen with this Flash issue. Your aunt sent you an e-card for your birthday from her virus-infested computer? Sweet! Allowed!
And before people ask, yes I was speaking in the past tense. I no longer use Microsoft Office, in favor of Google Drive's Office-like features that started out as "Google Docs & Spreadsheets". It may not be as full-featured, but I don't need it to be either.
Re:Separate the code and the data (Score:5, Interesting)
WTF is so convenient about having Word being able to display Flash content?
Do a significant/noticeable number of people embed Flash content in their Word documents?
How about Flash just preventing itself from running in non-browsers [and maybe their standalone Flash app]?
Meanwhile Gnash (Score:4, Interesting)
Meanwhile Gnash supports Youtube just fine, which remains Flash's sole legitimate use.
It even supports audio out of the box.
Re:aaand it won't help much (Score:4, Interesting)
Here's the real version of that conversation:
"So what's wrong with it?"
"You have the latest flash virus. Have you opened any Word documents lately?"
"Of course! I use Word all day."
(scans hdd, finds the one in email that started it)
"Did you open this?"
"Of course I did. It's the weekly report."
"Didn't it WARN you there may be a virus?"
"No"
"I'm pretty sure it popped up and warned you about the security implications of opening documents containing flash applets from untrusted sources"
"What does that mean?"
"It means it warned you about a possible virus"
"Oh, well stuff pops up all the time and I just click OK so the computer will work. Sometimes it pops up again so I click Cancel"
Users are bombarded with dialog boxes, permission boxes, info bars, tray notifications, software update notifications, and so forth all day long. They don't read them, they just click YES/OK. If it pops up again, they try CANCEL (even if the text is different - remember they don't read it!)
That's why IE's ActiveX scheme was a massive failure - it relied on users to know what ActiveX was, know what digital certificates were, then make an informed security decision for each and every control that wanted to install. Even if the native code execution wasn't a huge hole all by itself the whole scheme is a massive failure because most users don't know what ActiveX is, wouldn't know how to verify a certificate if they wanted to, and can't control what the control does after it's installed.
This is also why Android is a huge security fail. It relies on the user to understand what the permissions mean and what the consequences are at the time of install. Even if you understood exactly what those 18 permissions were (including scrolling down to expand the list and finding identically named permissions but with slightly different detail text under them)... you can't enable-disable them if you decide the app shouldn't have some of them. Should App X be able to modify or delete USB storage? maybe... depends on what it wants to do! Should it be able to make phone calls or send text messages? Maybe... too bad you won't be asked about it when it signs you up for $9.99/mo SMS services. What about manage accounts? Maybe the app wants to legitimately manage accounts... or maybe it will delete your entire google account. Who knows, but you sure won't be prompted about it.
Any system that relies on the user to make potentially dangerous security decisions is an automatic failure; doubly so if the decision is irreversible and persistent for all time (which covers the vast majority of security systems in use today).
I'm almost certain that in the future we'll grant permissions to different apps and websites by answering at the time the app wants access to the resource, not forever. Further I think the system will want to keep a history (think git, but for the entire filesystem), allowing you to effectively "roll back" a bad security decision. That probably means browsers and apps all run isolated in their own OS-provided VM/sandbox and all sharing or filesystem access routes through the version control system.
Re:Separate the code and the data (Score:5, Interesting)