OZO
Premium Member
join:2003-01-17

4 recommendations

OZO to hayc59

Re: Adobe® Flash Player v.11.2.202.228 Released

It's an endless chain of critical security updates... I'm getting sick and tired of all of them.

Here we have it again. And they make sure that new updates will be needed soon. How? They deliberately include insecurities (installing new executables that could be run in the background, potentially by malware, elevate its own privileges, spread configuration files across your computer, etc.), so users will have those problems in the near future and they, Macromedia, will have to issue new critical security updates again and again...

Here is what I found new in this v11.2.202.228 update:
1. Setup is pushing a new updater, asking if you want to allow automatic updates. Even if you will never need it, they ignore your setting and install additional insecure components on your computer anyway.
2. Setup silently adds new scheduled task(s): Adobe Flash Player Updater
3. Setup adds new file C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (additional vector for future exploits), that is registered to run as a service

Now, how to make Flash secure?
After you run all setup programs (ActiveX and Plugin versions, if needed):
1. Follow instructions from this page: How to Make Flash Secure Software FAQ
2. If you don't use autoupdater (as I always recommend - don't do it, be careful and watch what Macromedia installs on your computers), uninstall the new Adobe Flash Player Update service. Run in CMD:
sc delete AdobeFlashPlayerUpdateSvc
del C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
del C:\WINDOWS\system32\Macromed\Flash\mms.cfg

3. Remove new scheduled task ("Adobe Flash Player Updater") from this folder: C:\WINDOWS\Tasks

Why is Macromedia always trying to put a pig into my computers? I specifically instruct the latest installer - Never check for updates. But it disregards my will and installs their new update service on my computer and puts new files into known places, so that future hackers could potentially exploit that to their advantage... Do they have any respect for my computer? I don't think so. So the question arises - what's wrong with these people???
Sentinel
Premium Member
join:2001-02-07
Florida

1 recommendation

Thanks OZO. Excellent info and very much appreciated.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to OZO

Thanks so much! Even though Process Guard stops the updater from running I didn't dream Adobe would actually put Flash Player Update Service into my list of Services and do so silently. It was set on "manual" so would run anytime Adobe wanted it to do so and if I didn't have PG to stop it..well.... I set the service to Disabled so it can never run even if I didn't have Process Guard.

I agree with you. What is wrong with Adobe? They are getting desperate because soon FP will be obsolete as HTML5 takes over (and who knows what horrors will come with HTML5)? Besides acting desperate but only now when they are fast becoming extinct they seem to give the finger to knowledgeable users whom I am sure they know do NOT want automatic crap like this shoved down their throats.

FF4me
@bhn.net

Anon

More discussion about this issue here: »Sneaky Adobe Flash Player Background Updater

StuartMW
Premium Member
join:2000-08-06

3 edits

2 recommendations

StuartMW to OZO

FYI I created a batch file, containing OZO's commands, and put it in the

C:\Windows\system32\Macromed\Flash

folder so I don't have to find OZO's post again. All I have to do is run the batch file to delete the Flash update service.

RemoveAutoUpdate.bat
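@rem Remove (completely) the Flash Player auto-update service
@rem
@sc delete AdobeFlashPlayerUpdateSvc
@rem %~dp0 is this batch file's own folder, so the delete still works
@rem when the script is started from a different working directory
@del "%~dp0FlashPlayerUpdateService.exe"
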

PS: mms.cfg is a plain text file containing configuration parameters for the updater service. As such it's harmless. I didn't bother deleting it in my batch file as the Flash control panel applet will recreate it.

mms.cfg
AutoUpdateDisable=1
SilentAutoUpdateEnable=0
 

Martinus
Premium Member
join:2001-08-06
EU

1 recommendation

Martinus to OZO

said by OZO:

Run in CMD:
sc delete AdobeFlashPlayerUpdateSvc
del C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
del C:\WINDOWS\system32\Macromed\Flash\mms.cfg

3. Remove new scheduled task ("Adobe Flash Player Updater") from this folder: C:\WINDOWS\Tasks

In Win7 64bit there's also a FlashPlayerUpdateService.exe buried deep in C:\Windows\SysWOW64\Macromed\Flash
OZO
Premium Member
join:2003-01-17

1 recommendation

Thank you, Martinus. I missed the 64-bit version. So, I guess adding the following line will help (and at least not hurt in any way):
del C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
The error generated by not finding the file can be easily disregarded.
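
Added example, not part of any post in this thread: a read-only batch script that reports whether the service, scheduled task, updater executables and mms.cfg settings named in the posts above are still present. It deletes and changes nothing; the `[FOUND]`/`[ok]`/`[warn]` labels and the exit code are this example's own conventions.

```bat
@echo off
rem Added example, not from the thread: read-only audit of the Flash updater
rem pieces named in the posts above. Nothing is deleted or modified.
rem [FOUND]/[ok]/[warn] labels and the exit code are this example's conventions.
setlocal
set "SVC=AdobeFlashPlayerUpdateSvc"
set "TASK=Adobe Flash Player Updater"
set "DIR32=%SystemRoot%\System32\Macromed\Flash"
set "DIR64=%SystemRoot%\SysWOW64\Macromed\Flash"
set FOUND=0

rem 1. Service: sc query returns non-zero when the service is not registered.
sc query "%SVC%" >nul 2>&1
if errorlevel 1 (
    echo [ok]    service %SVC% is not registered
) else (
    echo [FOUND] service %SVC% is registered:
    sc qc "%SVC%" | findstr /i "START_TYPE BINARY_PATH_NAME"
    set FOUND=1
)

rem 2. Scheduled task: list all tasks and search the output for the name.
schtasks /query /fo csv /nh 2>nul | findstr /i /c:"%TASK%" >nul
if errorlevel 1 (
    echo [ok]    no scheduled task named "%TASK%"
) else (
    echo [FOUND] scheduled task "%TASK%"
    set FOUND=1
)

rem 3. Updater executable and mms.cfg in the System32 and SysWOW64 folders.
for %%D in ("%DIR32%" "%DIR64%") do (
    if exist "%%~D\FlashPlayerUpdateService.exe" (
        echo [FOUND] %%~D\FlashPlayerUpdateService.exe
        set FOUND=1
    )
    if exist "%%~D\mms.cfg" call :checkcfg "%%~D\mms.cfg"
)
rem Exit code 1 if any updater component is still present, otherwise 0.
exit /b %FOUND%

:checkcfg
rem Compare against the two values shown in the mms.cfg posted above.
rem The keys are quoted because "=" is a delimiter inside a FOR set.
for %%K in ("AutoUpdateDisable=1" "SilentAutoUpdateEnable=0") do (
    findstr /i /b /c:"%%~K" "%~1" >nul || echo [warn]  %~1 lacks %%~K
)
goto :eof
```

Running it before and after the removal steps shows which components an installer run has put back; an exit code of 0 means no service, task or updater executable was found.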