Not Verified Flash Players

Discussion in 'other security issues & news' started by desertjon, Apr 5, 2012.

Thread Status:
Not open for further replies.
  1. desertjon

    desertjon Registered Member

    Joined:
    Mar 7, 2012
    Posts:
    81
    Location:
    Philippines
    I installed the latest versions of Adobe Flash Player for IE and Non IE..and when I go to IE add ons..it shows both versions as "Not Verified"..so does that mean theyre not legit flash players?..Again this came from File Hippo..I scanned them and no viruses detected
     
  2. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Are those installers digitally signed by Adobe?
     
  3. desertjon

    desertjon Registered Member

    Joined:
    Mar 7, 2012
    Posts:
    81
    Location:
    Philippines
    I have been downloading all my programs from file hippo for years and havent had any problems until now..They are posted as the latest versions and look legit and scan as ok....I tried downloading flash player from the adobe site and everytime it says installation failed
     
  4. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
  5. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Hey guys,

    I use Secunia PSI and it was weird, I noticed the same thing. I mean, I trust Secunia and all, but the Flash Player installer exes were not signed like I thought they usually are. I scanned them and when I installed them checked to see if WSA placed them in monitor mode due to any suspicious behavior but it did not. And Secunia checked it off as patched and up-to-date, so I concluded that Adobe just stopped signing this.
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    All four of those installers at the page I linked to are signed. Do you get any warning on those?
     
  7. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    I download them from Secunia directly and they use their own server for distribution I believe but they would (theoretically) never put an infected copy up for grabs.
     
  8. kwg

    kwg Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    126
  9. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,283
    Does IE report status of a non-IE plugin?
     
  10. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    I'm just curious why these didn't have a digital signature? Doesn't Adobe normally sign these?
     
  11. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    On the Secunia forum, I recenty read about some issues with their SPS/Secunia Packaging Service.
    Perhaps this might account for the lack of signatures? Also, when you download the update, is it an Adobe/Flash installer or a Secunia installer?
     
  12. I have downloaded the flash player installers the both ActiveX and none ActiveX 11.2.202.228 64bit version from filehippo on 03/30/2012 the both installers signed by Adobe.
     
  13. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    Ah, after researching Secunia PSI and SPS, now I understand that Secunia is in at least some cases distributing update packages that are modified versions of the manufacturer's official uninstaller/installer. Edit: If Secunia only distributed unmodified official versions like other distribution sites, the report of an unsigned version from Secunia plus the report of an unsigned version from FileHippo would make me think that perhaps Adobe distributed an unsigned version temporarily which both just happened to grab.
     
    Last edited: Apr 5, 2012
  14. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Hi everyone,

    Thanks for the replies!

    Indeed I did use the auto-updater first and it failed unusually. I have been moving away from using that anyway tho because it takes soooo long as it runs in the background to take low resources but as a result is not good for quick patching.

    I used the manual "install solution" which came from a Secunia URL as usual. The installers were not signed, but my maximized Webroot heuristics determined to auto-allow the program based on popularity, age, behavior, and cloud knowledge, and since it installed fine and Secunia registered it as patched, I assumed it was fine.

    Probably, it is very very unlikely that a security firm that specializes in distributing updates would serve up mal-updates...I'm just worrying for nothing most likely.
     
  15. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,030
    Location:
    Lloegyr
    Probably ... ;)

    I just chanced upon this thread, it interested me because I was having a HELL of a time trying to install the flash plug-in from Adobe's site on my laptop. My other machines are fine.

    Guess what? I installed them (IE & non-IE) from File Hippo without incident or this dreaded pop-up:

    Flashprob2png - Copypeg.jpg

    AAAAAAGGGGGGGGGGGGGHHHHHHHHH! :eek:

    So, good thread! :thumb:
     
  16. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,030
    Location:
    Lloegyr
    I'm pretty sure they're fine, Dr Web says the links are OK anyway.
     
  17. desertjon

    desertjon Registered Member

    Joined:
    Mar 7, 2012
    Posts:
    81
    Location:
    Philippines
    Thanks for all the replies and advice
     
Loading...
Thread Status:
Not open for further replies.