Wilders Security Forums  

#1
December 23rd, 2004, 08:58 AM
Acadia
Massive Poster

Join Date: Sep 2002
Location: SouthCentral PA
Posts: 3,687
Long post: Browser, ActiveX, Flash question

I apologize in advance for the long post but I’ve got a puzzle that is driving my natural curiosity crazy. For the past several weeks I’ve been having a real blast experimenting with alternate browsers, the most fun that I’ve had in a while, on a pc anyway. I’m not going to bother naming all the browsers that I have tried, but more and more I kept finding myself coming back to Firefox and the Internet-Explorer-shell which I’m sure most of you have heard of called AvantBrowser.

FF and AB just felt right and were the simplest and easiest to use, at least for my needs and browsing habits, YMMV. Between the two, I usually stuck with FF because of the alleged greater security that we all keep hearing about.

Last week Secunia released that Spoofing test that took you first to Citibank and now USA Today, and demonstrates how many pcs can be hijacked or spoofed into seeing the test message that Secunia wants you to see and not the message that USA Today wants you to see. Keeping in mind that YMMV, AvantBrowser was the only browser that was able to secure my system against this spoof USING MY NORMAL SURF SETTINGS. I can pass the test demo with all three browsers I am now using, the two alternates plus Internet Explorer, if I tighten up my security settings to an unreasonable degree which makes surfing very impractical. To repeat, only with AvantBrowser can I keep my normal surfing settings and defeat the Secunia test.

This aroused my curiosity so I studied the Secunia site a bit further since, while I had heard many times about Secunia, I had never actually spent any time there. As of yesterday according to Secunia, Internet Explorer now has 20 vulnerabilities, Firefox has 3, and Avant only has 1. If I am reading the Secunia site correctly (admittedly a big if), Avant MAY actually be more secure than Firefox and, if that is actually the case, then this is all the more impressive since Avant is actually just an IE shell.

Anyway, I told you that story so I could ask you this question: what, if any, is the connection between ActiveX and Macromedia Flashplayer7? While messing with the Secunia test demo, I discovered that in Internet Explorer and AvantBrowser, whenever I COMPLETELY killed ActiveX, my Macromedia Flashplayer7 would also stop working. But in Firefox the flashplayer is always working and remember, in FF there is no ActiveX, and to anticipate some of your questions, NO, I definitely DID NOT install the ActiveX extension for Firefox.

How in Firefox is the flashplayer able to work without even having ActiveX when, at the same time, in Internet Explorer and AvantBrowser I must keep the ActiveX turned on in order for the flashplayer to work? Thank you all very much for reading this very long post.

Acadia
__________________
"Security is always excessive until it's not enough." - Robbie Sinclair, Country Energy, NSW Australia

Last edited by Acadia : December 23rd, 2004 at 09:57 AM.
#2
December 23rd, 2004, 09:21 AM
firefoxguy

Posts: n/a
Re: Long post: Browser, ActiveX, Flash question

Quote:
Originally Posted by Acadia
I apologize in advance for the long post but I’ve got a puzzle that is driving my natural curiosity crazy. For the past several weeks I’ve been having a real blast experimenting with alternate browsers, the most fun that I’ve had in a while, on a pc anyway. I’m not going to bother naming all the browsers that I have tried, but more and more I kept finding myself coming back to Firefox and the Internet-Explorer-shell which I’m sure most of you have heard of called AvantBrowser.

Another IE shell that is fairly interesting security wise is Maxthon. Their response and attempted patches to ANNOUNCED exploits is pretty fast.

Quote:
FF and AB just felt right and were the simplest and easiest to use, at least for my needs and browsing habits, OMMV. Between the two, I usually stuck with FF because of the alleged greater security that we all keep hearing about.

Allegedly??

Quote:
Last week Secunia released that Spoofing test that took you first to Citibank and now USA Today, and demonstrates how many pcs can be hijacked or spoofed into seeing the test message that Secunia wants you to see and not the message that USA Today wants you to see. Keeping in mind that OMMV, AvantBrowser was the only browser that was able to secure my system against this spoof USING MY NORMAL SURF SETTINGS.


FUD. I can do it in firefox with normal javascript functions on.

Quote:
To repeat, only with AvantBrowser can I keep my normal surfing settings and defeat the Secunia test.

No.

Quote:
This aroused my curiosity so I studied the Secunia site a bit further since, while I had heard many times about Secunia, I had never actually spent any time there. As of yesterday according to Secunia, Internet Explorer now has 20 vulnerabilities, Firefox has 3, and Avant only has 1.

Heh, do you really think Avant is immune to all of the 20 bugs in IE? Maybe one or two by accident due to the way it handles tabs might protect Avant from various spoofing bugs (which you must admit is quite difficult to exploit), but you betcha serious buffer overflow, cross site scripting attacks, etc. generally affect all IE clones.

What you see now is merely a result of Secunia's recent new policy of keeping separate "accounts" for IE shells. They did not retrospectively go back and test the various IE shells to see if they were vulnerable to the older IE exploits!

As you will soon see, whenever IE exploit accounts advances by one, all the other IE shells generally advance by the same amount too.

In general for most serious exploits, unless you are told otherwise, the IE shell is vulnerable as well. Spoofing tricks are the exception since IE shells implement tab browsing, and that can mess things up leading to different behaviour.

Quote:
If I am reading the Secunia site correctly (admittedly a big if), Avant MAY actually be more secure than Firefox and, if that is actually the case, then this is all the more impressive since Avant is actually just an IE shell.

Nonsense as explained before.


Quote:
Anyway, I told you that story so I could ask you this question: what, if any, is the connection between ActiveX and Macromedia Flashplayer7? While messing with the Secunia test demo, I discovered that in Internet Explorer and AvantBrowser, whenever I COMPLETELY killed ActiveX, my Macromedia Flashplayer7 would also stop working. But in Firefox the flashplayer is always working and remember, in FF there is no ActiveX, and to anticipate some of your questions, NO, I definitely DID NOT install the ActiveX extension for Firefox.

Without going into details (which I know nothing of anyway), the plugin for mozilla browsers for flash is completely different from the one for IE. Given this fact, why would you expect both to need activeX?

Remember the "ActiveX control" in mozilla is purely experimental, and Macromedia cannot count on it being installed at all. I'm sure they would have ensured the flash plugin for firefox worked without it.
#3
December 23rd, 2004, 11:09 AM
Acadia
Massive Poster

Join Date: Sep 2002
Location: SouthCentral PA
Posts: 3,687
Re: Long post: Browser, ActiveX, Flash question

Think I may have found the answer:

Flash uses a DLL component with Mozilla.
Flash uses an ActiveX component with IE.

Acadia
__________________
"Security is always excessive until it's not enough." - Robbie Sinclair, Country Energy, NSW Australia
#4
December 23rd, 2004, 12:05 PM
nod32_9

Posts: n/a
Re: Long post: Browser, ActiveX, Flash question

Flash is a bandwidth and CPU hog. More bells and whistles. Course some people want to see animated Sea Monkeys.

Depends on personal preference. I like to keep it simple.
#5
December 23rd, 2004, 12:16 PM
Acadia
Massive Poster

Join Date: Sep 2002
Location: SouthCentral PA
Posts: 3,687
Re: Long post: Browser, ActiveX, Flash question

Quote:
Originally Posted by nod32_9
Flash is a bandwidth and CPU hog.

Indeed, that is why on my old system and on dial-up I didn't even have it. Now with my new high-powered system and now that I'm on Broadband, I don't notice any slowdown. That's one nice feature of Avant, all the toggles to kill the fancy stuff, ActiveX, Script, Java are just a click away AND there is even a one-click disable for Flash, if I ever find it distracting which I sometimes do especially on Yahoo. To kill Flash in Firefox I have to use the Adblocker, unless I have missed an easier way, anyone?

Acadia
__________________
"Security is always excessive until it's not enough." - Robbie Sinclair, Country Energy, NSW Australia
#6
December 23rd, 2004, 12:19 PM
Bubba
Global Moderator

Join Date: Apr 2002
Posts: 11,279
Re: Long post: Browser, ActiveX, Flash question

Quote:
Originally Posted by Acadia
Flash uses an ActiveX component with IE.

Yep....and in particular an .ocx file (flash.ocx)....the OLE of yonder years
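
The two component models identified in the posts above, shown as an added example that is not code from any poster: a page of that era found Flash through the Netscape-style plugin list in Mozilla browsers and by creating an ActiveX control in IE and IE shells, which is why switching ActiveX off removes Flash only in the latter. The `env` objects, the `fakeActiveX` helper and the version string are constructed stand-ins for a real browser.

```javascript
// Added illustration. `env` stands in for the browser's global object so the
// logic can run outside a browser; the three environments below are constructed.
function detectFlash(env) {
  // Mozilla/Firefox: Flash is a Netscape-style plugin DLL, registered by MIME type.
  const mimeTypes = (env.navigator && env.navigator.mimeTypes) || {};
  const mime = mimeTypes["application/x-shockwave-flash"];
  if (mime && mime.enabledPlugin) {
    return { available: true, model: "netscape-plugin", detail: mime.enabledPlugin.name };
  }
  // IE and IE shells (Avant, Maxthon): Flash is an ActiveX control created by ProgID.
  if (typeof env.ActiveXObject === "function") {
    try {
      const control = new env.ActiveXObject("ShockwaveFlash.ShockwaveFlash");
      return { available: true, model: "activex", detail: control.GetVariable("$version") };
    } catch (err) {
      // Creation fails when ActiveX is disabled or the control is blocked or missing.
      return { available: false, model: "activex", detail: err.message };
    }
  }
  return { available: false, model: "none", detail: "no Flash component exposed" };
}

// Constructed stand-in for IE's ActiveXObject; `allowed` models the ActiveX toggle.
function fakeActiveX(allowed) {
  return function ActiveXObject(progId) {
    if (!allowed || progId !== "ShockwaveFlash.ShockwaveFlash") {
      throw new Error("Automation server can't create object");
    }
    this.GetVariable = (name) => (name === "$version" ? "WIN 7,0,19,0" : "");
  };
}

const firefox = {
  navigator: { mimeTypes: { "application/x-shockwave-flash": { enabledPlugin: { name: "Shockwave Flash" } } } },
};
const ieActiveXOn = { navigator: { mimeTypes: {} }, ActiveXObject: fakeActiveX(true) };
const ieActiveXOff = { navigator: { mimeTypes: {} }, ActiveXObject: fakeActiveX(false) };

for (const [label, env] of Object.entries({ firefox, ieActiveXOn, ieActiveXOff })) {
  console.log(label, JSON.stringify(detectFlash(env)));
}
```
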
#8
December 23rd, 2004, 06:52 PM
HandsOff
Very Frequent Poster

Join Date: Sep 2003
Location: Bay Area, California
Posts: 1,925
Re: Long post: Browser, ActiveX, Flash question

Hi Acadia,

You want to know how activeX and Flash are related. This may be related to some of the problem

for the IE settings under "ActiveX controls and plug-ins" there is one setting called

"Run ActiveX controls and Plug-ins"

you want to *leave this setting as enabled if you want to see Flash*. Why? Because this setting is related to JAVA and Flash, NOT to activeX!

I like to leave this enabled and use Javacool's Spywareblaster / Tools to quickly toggle flash on and off. Why? Because you don't get the message about not being able to see the site properly.

Merry Christmas!


- HandsOff
__________________
"Oh, no, I've said too much" -REM
#10
December 24th, 2004, 07:43 AM
JW Clements
Frequent Poster

Join Date: Dec 2003
Location: Toronto
Posts: 360
Re: Long post: Browser, ActiveX, Flash question

Quote:
Originally Posted by HandsOff
I like to leave this enabled and use Javacool's Spywareblaster / Tools to quickly toggle flash on and off.

- HandsOff

This doesn't cover Flash 7, just up to 6.x, at least with SWB v3.2 on my PC.

Jim
 

All times are GMT -4.