Adobe Flash - ESET Threat Blog "The Spy in Your Computer"

Discussion in 'privacy general' started by FanJ, Oct 12, 2010.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    My experience has been that blocking anything with Flash settings sends you into "warning hell" and/or almost completely disables a website. IMHO, a tool such as Better Privacy or any tool that can get rid of Flash cookies upon browser exit is a better alternative. This is where the "use a different browser than IE" mantra would come in, but thankfully we have things such as Sandboxie to fix that issue as well.
     
  3. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Good stuff. Now to play with the config file :D
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    That applies to blocking JavaScript mostly. With Flashblock, you will just get a few standalone windows, which can be enabled with a single click, as well as a whole webpage.
     
  5. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    With NoScript, one could enable these settings (image below) and allow scripts globally (if blocking scripts causes too much pain). You could mark unwanted sites (e.g. Facebook) as untrusted and the content from those sites will be blocked even if scripts are globally allowed. It does the job of Flashblock and a few more add-ons!
     

    Attached Files:

    • NS.PNG
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    With all his modifications making almost everything unusable, why even bother to install Flash? IMO it's better to install something like BetterPrivacy and configure it to delete all LSOs, including settings.sol, at a regular time interval and at browser exit. Also use something like NoScript or another add-on to control which sites are allowed to use Flash.
     
  7. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Hi! Have you actually tried the modifications?
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ FanJ

    Great links, looking forward to the other/s :thumb: Randy Abrams doesn't hold his punches :D

    *

    BetterPrivacy is excellent at removing LSOs etc. and I have it set up to remove/delete everything like this

    bp.gif

    I also have NoScript maxed out, and don't have any problems watching videos I "Choose" to watch. Of course I need to enable scripts whilst I watch those, but in a selective way, not carte blanche, and I only select Temporary for that page or link :) So after viewing and closing that window/tab it's all gone and back to blocking again :thumb:
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    No, but in the past I tried only disallowing third party Flash content storage, which already broke a lot.
     
  10. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Well, this is what he suggested:
    #mms.cfg file to be placed in \System32\Macromed\Flash

    LocalStorageLimit = 1
    AssetCacheSize = 0
    ThirdPartyStorage = 0
    AssetCacheSize = 0
    AutoUpdateInterval = 1
    LegacyDomainMatching = 0
    LocalFileLegacyAction = 0

    But this is what I did (with Firefox 3.6.10) and with no disasters so far:

    AVHardwareDisable = 1
    DisableDeviceFontEnumeration = 1
    FullScreenDisable = 1
    LocalFileReadDisable = 1
    FileDownloadDisable = 1
    LocalStorageLimit = 1
    ThirdPartyStorage = 0
    AssetCacheSize = 0
    AutoUpdateDisable = 1
    DisableProductDownload = 1
    LegacyDomainMatching = 0 #should it be 1 o_O
    LocalFileLegacyAction = 0
    AllowUserLocalTrust = 0
    DisableSockets = 1
    RTMFPP2PDisable = 1
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ FanJ

    Thank you Sir, been looking forward to these :thumb:
     
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hey CloneRanger,

    You're most welcome :D

    I just had only a very quick view now at part 3 and 4.
    Maybe I expected a bit more in these two parts, but -as said- I only got a quick view at the moment.

    Cheers, Jan
     
  14. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    Been using the Macromedia control panel for quite some time now, I will now try the config file. Thx for the reminder :thumb:
     
  15. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Very useful blog posts. Hopefully more people will read them and understand what products Adobe actually creates.
     
  16. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    Hey vasa1, you mentioned that Randy said in his blog to place the mms.cfg file in the macromed folder, but I read all 4 parts of the blog and he only talked about mms.cfg. He never said where to put it. Where did you get the info for where to put the mms.cfg file?

    Also, doesn't CCleaner remove LSO/Flash cookies?
     
  17. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    True. He never said where to put it but, in the second blog, he wrote:
    Page 19 of the guide has this:
    mms.cfg file location
    Assuming a default Windows installation, Flash Player looks for the mms.cfg file in the following system directory:
    Windows (Vista, XP, 2000 and 7) %WINDIR%\System32\Macromed\Flash
    Note: The %WINDIR% location represents the Windows system directory, such as C:\WINDOWS.
    For 64-bit machines, the System directory is SysWow64, instead of System32. Note that Flash Player supports only 32-bit browsers on 64-bit operating systems.


    Okay?

    What CCleaner does (or doesn't do) is another matter and maybe someone else can answer that.
     
  18. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    Hey vasa, going through each point I got a similar conclusion :thumb:

    AllowUserLocalTrust = 0
    AssetCacheSize = 0
    AutoUpdateDisable = 1
    AVHardwareDisable = 1
    DisableDeviceFontEnumeration = 1
    DisableProductDownload = 1
    DisableSockets = 1
    FileDownloadDisable = 1
    FileUploadDisable = 1
    FullScreenDisable = 0
    LegacyDomainMatching = 0
    LocalFileLegacyAction = 0
    LocalFileReadDisable = 1
    LocalStorageLimit = 1
    OverrideGPUValidation = 0
    RTMFPP2PDisable = 1
    ThirdPartyStorage = 0

    Except for FileUploadDisable :blink: FullScreenDisable (what's wrong with this?) and LegacyDomainMatching -->
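
Added example, not code from any poster or from the ESET blog: a small Python parser that compares the mms.cfg lists posted in posts 10 and 18, flagging duplicate keys and differing values. The function names are hypothetical, and treating everything after `#` as a comment is an assumption of this tool, not documented Flash Player behaviour.

```python
def parse_mms_cfg(text):
    """Parse mms.cfg-style 'Key = Value' lines into (settings, duplicate_keys)."""
    settings, duplicates = {}, []
    for raw in text.splitlines():
        # Assumption of this tool: anything after '#' is a comment.
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in settings:
            duplicates.append(key)
        settings[key] = value  # this tool keeps the last occurrence
    return settings, duplicates

def diff_settings(a, b):
    """Return (keys only in a, keys only in b, {key: (a_value, b_value)})."""
    only_a, only_b = sorted(set(a) - set(b)), sorted(set(b) - set(a))
    changed = {k: (a[k], b[k]) for k in sorted(set(a) & set(b)) if a[k] != b[k]}
    return only_a, only_b, changed

def as_file(joined):
    """Sample lists below are '; '-joined to stay short; expand to one per line."""
    return joined.replace("; ", "\n")

# The lists from posts 10 and 18 of the thread, copied as sample input.
SUGGESTED = as_file(
    "LocalStorageLimit = 1; AssetCacheSize = 0; ThirdPartyStorage = 0; "
    "AssetCacheSize = 0; AutoUpdateInterval = 1; LegacyDomainMatching = 0; "
    "LocalFileLegacyAction = 0")
VASA1 = as_file(
    "AVHardwareDisable = 1; DisableDeviceFontEnumeration = 1; FullScreenDisable = 1; "
    "LocalFileReadDisable = 1; FileDownloadDisable = 1; LocalStorageLimit = 1; "
    "ThirdPartyStorage = 0; AssetCacheSize = 0; AutoUpdateDisable = 1; "
    "DisableProductDownload = 1; LegacyDomainMatching = 0 #should it be 1; "
    "LocalFileLegacyAction = 0; AllowUserLocalTrust = 0; DisableSockets = 1; "
    "RTMFPP2PDisable = 1")
FSR = as_file(
    "AllowUserLocalTrust = 0; AssetCacheSize = 0; AutoUpdateDisable = 1; "
    "AVHardwareDisable = 1; DisableDeviceFontEnumeration = 1; "
    "DisableProductDownload = 1; DisableSockets = 1; FileDownloadDisable = 1; "
    "FileUploadDisable = 1; FullScreenDisable = 0; LegacyDomainMatching = 0; "
    "LocalFileLegacyAction = 0; LocalFileReadDisable = 1; LocalStorageLimit = 1; "
    "OverrideGPUValidation = 0; RTMFPP2PDisable = 1; ThirdPartyStorage = 0")

if __name__ == "__main__":
    print("duplicates in suggested list:", parse_mms_cfg(SUGGESTED)[1])
    vasa1, fsr = parse_mms_cfg(VASA1)[0], parse_mms_cfg(FSR)[0]
    print("only vasa1 / only fsr / changed:", *diff_settings(vasa1, fsr))
```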

     
  19. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Hi fsr, it's bed-time for me :oops: . I'll look at things tomorrow. The points you mentioned really need careful reading!
     
  20. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    So in the blog, Randy is saying Flash/LSO cookies can spy on you only if they are present on your computer within your browsing session, correct?

    I read on the Piriform forums that CCleaner can delete LSO/Flash cookies.

    Also, how do you guys create the mms.cfg file? Do you guys use Notepad?
     
  21. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Notepad is fine.
     
  22. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Good reading.
    Tx FanJ et al

    No Script and Better Privacy here.
    If I go changing config files too much I usually forgot heh always forget what I did, so I stick with the GUI tools; makes tracking and undoing changes easier for this addled old man.
    :blink:
     
  23. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Thanks very much to the OP for this. I have already added a config file and marked the settings.sol as read only. Adobe really needs a better way to manage Flash settings.
     
  24. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    So these LSO cookies are only dangerous when they are present on the computer, correct?

    And can anyone confirm if CCleaner can delete these Flash/LSO cookies?
     
  25. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    Should the mms.cfg be saved as mms.cfg or mms.cfg.txt?

    And I just used the settings provided by Randy. Is that enough? Or should I try out one of fsr's or vasa's settings?
     