McRip System Files is a free portable offline installer for Adobe Flash, Microsoft Silverlight, DirectX Redistributable, Shockwave Player and Java. Offline means that the program contains all installers for offline installation. In other words, an Internet connection is not required during installation of the technologies.

The downside is the size of the installer, which is currently weighing in at 192 Megabytes. This can be an issue, especially for users who do not need all of the applications but only some of them.

Just start the installer to install one, multiple or all of the programs on a target system.

Checkboxes allow you to make selections prior to installation. Please note that 32-bit and 64-bit installation files are available. It should also be noted that the developers have added the latest Flash beta version to the program and not the latest stable version of Adobe’s software.

Windows Vista and Windows 7 users need to run the program with elevated privileges. All selected applications will be installed silently on the system and with automatic updates disabled. Users who want automatic updating enabled need to configure the programs accordingly.

System Files can be a useful program for users who need offline installers for multiple of the included programs. Silent installation of all programs and disabled auto updates may be interesting as well.

Windows users can download the program from Softpedia. The developer website is available here.

Flash users are asked to visit the About Flash page to check the Flash version installed on their computer.

It is alternatively possible to right-click on Flash content to see the Flash Player version in the context menu.

Adobe recommends to update Flash Player to the newest version 11.1.102.55 by downloading it from Adobe’s Flash Player Download Center. Is it alternatively possible to download Flash offline installers from the linked guide. Android users can update Flash by downloading the latest version from Android Market on their Android device. Google Chrome users do not need to run the update manually as it is automatically installed by the browser.

The security patch fixes several memory corruption, buffer overflow and stack overflow vulnerabilities in Adobe Flash Player that attackers could exploit to cause a crash on the system running Adobe Flash technologies. Code execution could then give the attacker control of the affected system.

Interested users can read the security bulletin over at the Adobe website. It offers additional information about each vulnerability found and download links to various technologies affected by the vulnerabilities.

The next big Flash release (that is Adobe Flash 11.2) will introduce automatic silent updates on Windows. This means that it will become more comfortable for Windows users to keep their installed version of Flash up to date on their system. See Flash Player 11.2 Introduces Automatic Updates for details.

Now though Adobe have signalled the beginning of the end for Flash by announcing that they are to discontinue development of the Flash player for Blackberry and Android devices.  In a press release the company signalled their the future would be HTML5 and their existing AIR runtime environment.

Our future work with Flash on mobile devices will be focused on enabling Flash developers to package native apps with Adobe AIR for all the major app stores. We will no longer adapt Flash Player for mobile devices to new browser, OS version or device configurations. Some of our source code licensees may opt to continue working on and releasing their own implementations. We will continue to support the current Android and PlayBook configurations with critical bug fixes and security updates.

Over the past two years, we’ve delivered Flash Player for mobile browsers and brought the full expressiveness of the web to many mobile devices.

However, HTML5 is now universally supported on major mobile devices, in some cases exclusively. This makes HTML5 the best solution for creating and deploying content in the browser across mobile platforms.

We will no longer continue to develop Flash Player in the browser to work with new mobile device configurations chipset, browser, OS version, etc.) following the upcoming release of Flash Player 11.1 for Android and BlackBerry PlayBook.

People’s feelings over this announcement will be mixed.  All of Adobe’s products have been criticised for having lax security over the years and Flash was no exception to this.  It was difficult to disagree with Apple’s decision not to allow Flash on their iOS operating system, no matter how much we might have liked the plug-in itself.

Flash, which was born FutureSplash, has become the bedrock of video and interactivity online.  Quite simply it is the only plug-in to have ever reached nearly 100% adoption.

Questions will also be raised over the future of Flash for OS X and Windows.  It is very likely that these too will be discontinued before too long, and probably before the launch of Windows 8.

What the future of the web will now look like with HTML5 and scripting replacing the compiled code of the SWF file format remians to be seen.  Many popular websites have been shying away from Flash in recent years to return to more traditional interface types.  It is possible that the withdrawal of Flash from the Internet won’t even be noticed as websites such as YouTube complete their transition to true HTML5.

This does mean that devices that have been waiting for the arrival of Flash, including Windows Phone, will now never see it and can begin the full move to HTML5 in earnest; Windows Phone now has an HTML5 browser with the latest update.

There is not really a lot that users can do to improve the Flash performance on their computer. While some may be able to increase fps by closing background applications or overclocking their graphics adapter, others may not see a difference at all in this regard.

The Firefox add-on Low Quality Flash offers a different solution. The extension modifies the HTML source code to load Flash elements in low quality. This is an automated process that happens on every page load if Flash elements are loaded. This works on games but also on regular Flash applications and media including advertisement banners.

Reducing the quality of Flash should have a positive effect on the overall performance on the page. It can on the other hand reduce the visual quality of the contents. Depending on the Flash element this can be visible or not visible at all. The add-on works on most sites but not on all. You may encounter sites where you won’t see a difference.

The add-on can also improve the performance on Flash heavy sites in general which includes faster navigating or scrolling for instance. The most recent versions of the Low Quality Flash add-on come with a preference to switch from low quality to medium quality Flash contents instead. This may be interesting for computer systems that cannot play high quality or ultra quality Flash contents but are sufficiently fast to play medium quality contents.

Firefox users can install Low Quality Flash directly from the official Mozilla Firefox add-on repository.

If you look at the plugin listing in the Chrome web browser you may notice that the Flash listing says something like Flash (3 files) or Flash (2 files). You need to click on Details on the page to see what’s going on there.

You may notice that multiple Flash plugins are loaded in the Chrome web browser instead of just the native plugin. You can click on the Disable or Enable links to disable or enable specific Flash versions in the browser. This can be handy for Flash developers who need to test their applications in a different version of Flash, and for end users who do not want multiple running plugins in the owser.

Multiple enabled Flash plugin versions in the browser are not a problem according to Google.

It’s normal to see two Flash files in about:plugins. When both are listed as enabled, Google Chrome uses the built-in version by default, so you shouldn’t have to specify which one to use unless you specifically want Chrome to use the system version instead (has ‘NPSWF32.dll’ in the location field). Keep in mind that if you use the system version, you’re responsible for keeping Flash updated while the built-in version will update automatically via Chrome’s auto-update mechanism.

If multiple Flash plugins are enabled and the native plugin is one of them, then that plugin is used to display Flash contents in the Google Chrome web browser. This does not explain why a second Flash plugin is enabled in the browser, as it does not make sense if the native Flash plugin is always used if active.

My suggestion would be to disable the non-native Flash plugin in Chrome to be on the safe side.

Probably the biggest new feature in the beta is native 64-bit support for 64-bit Windows operating systems. While still in beta, it marks a milestone in the 64-bit development of Flash, as the beta release indicates that 64-bit support might be added to the final version of Flash 11.

Users with the intention to download the 64-bit version of Flash beta need to know that it can only be run in a 64-bit web browser. That’s Internet Explorer mostly, and some custom compiled versions of the Firefox web browser. Users who run a 64-bit browser can install the 64-bit version of Flash normally on their system, provided that it is a 64-bit operating system as well. To sum it up: You need a 64-bit OS, a 64-bit web browser to install the 64-bit version of Flash 11 Beta.

What else is new in Flash 11? Adobe lists the following features on the Adobe Labs page: Stage3D APIs, G.711 audio compression for telephone, H264/AVC SW Encoding, Socket Progress Events and HD Surround Sound.

Adobe® Flash® Player 11 desktop beta drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices. Some of the features from the Flash Player Incubator, such as Stage 3D and 64-bit support, have been moved into this beta release.

While useful to some users, they might not be relevant for the majority of Flash users at this point in time. Flash 11 Beta could be more interesting to developers who may have plans to integrate one or some of the new features into their applications.

Interested users can download 32-bit and 64-bit editions of Flash 11 Beta from the Adobe website. The new version is available for Windows, Linux and Macintosh computer systems. The download page links to 32bit and 64bit Flahs uninstallers, for users who need to go back to version 10 of Flash.

We have covered all new features of Flash Player 10.3 when the first beta was released in March, and those information are still valid.

Adobe Flash Player 10.3.181.14 fixes several security issues, next to the new features that have been added by Adobe.

The vulnerabilities affect all supported operating systems and have received a critical rating by Adobe. Users are encouraged to update their version of Flash to the new release as soon as possible.

Critical vulnerabilities have been identified in Adobe Flash Player 10.2.159.1 and earlier versions (Adobe Flash Player 10.2.154.28 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.2.157.51 and earlier versions for Android. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack. (via)

The new handling of so called Flash cookies in web browsers is probably the most important feature from an end-user’s perspective. Before Flash Player 10.3, you were not able to delete those cookies from within the browser interface. Even if you’d select to delete all cookies, you’d only delete HTTP cookies and not cookies created by Flash.

With the new system in place, browser developers can integrate the cleaning of Flash cookies right into the temporary files and history cleaning of the web browser.

Another interesting addition is the integration of Flash Player in the operating system’s Control Panel. Windows, Mac and Linux users find a Flash entry in the control panel which they can use to configure Adobe’s Flash Player.

Users can make use of the new settings manager to manage local storage settings, camera and microphone permissions and peer-assisted networking permissions. It furthermore can be used to check for updates manually, and block the automatic update checks.

A delete all button is offered under Browsing Data and Settings which removes all Flash related settings and data across all browsers on the computer.

Flash Player 10.3 Direct Download Links

You can download Flash from the official Get Adobe Flash website as well.

Adobe’s Flash Player needs elevated rights during installation, if the user has only standard rights it cannot be installed; At least not the standard way.

Lets assume you have access rights to use a computer at school, work or a public place, maybe on a company laptop or at a school library. A web browser is available but the Flash plugin is not installed so that you cannot access Flash based content sites such as Youtube.

Please note that this method works perfectly fine if Firefox is the web browser used on the system. It is unlikely that Chrome or Opera are installed on the system, but workarounds exist for these browsers as well.

If you are a Firefox user and want to use Flash but do not have administrative privileges do the following:

• Download the latest version of the Firefox Flash plugin from the official Macromedia website. Your best option is to right-click the download link and select Save As.
• Extract the contents of the downloaded file to a folder on the local system. You may need to change the file extension to zip if you have only access to the standard Windows unzipper.
• Move the two files NPSWF32.dll and flashplayer.xpt into the Firefox plugin directory. The plugin directory is located in the root directory if you are using a portable version of Firefox, if Firefox is installed is is located in the profile folder. Easiest option to find out where the folder is located is to enter about:support in the address bar. This works for Firefox 3.6 and up.
• If no Plugins folder exist create the folder and move the two Flash Player files into the folder.
• You can now enjoy Flash based contents. Be aware that the plugin is not auto-updating itself. You need to make sure to keep it up to date manually.

You have a few additional options that you may want to explore. If you can run portable software, you may want to consider using Google Chrome portable, since the browser ships with the Flash Player plugin natively.

The same is true for other portable browsers. Just configure the browser at home so that it includes the Flash plugin and run it from the computer where you have limited access rights.

I’m not sure if there is a way for Internet Explorer as well. If anyone has some insights let me know in the comments.

User systems in the meantime were susceptible to those attacks. The latest critical vulnerability in Flash was revealed in a security advisory at the Adobe website.

The critical vulnerability in all Flash Player versions for all supported operating systems – yes even Android – impacts not only systems running Flash, but also systems running Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4.

Adobe states that “this vulnerability could cause a crash and potentially allow an attacker to take control of the affected system” with reports that the vulnerability is already actively exploited in the wild “against Adobe Flash Player on Windows”.

Adobe expects to provide an update during the week of September 27 for Adobe Flash Player, and October 4 for Adobe Reader and Acrobat.

Until then, all users running Adobe Flash or Adobe Reader / Acrobat are vulnerable to the critical vulnerability. Make sure your security software detects the vulnerability and blocks it from execution.

One question that Chrome readers may have in mind: Is the build in Flash plugin also susceptible for attacks? In short, yes it is. The latest Chrome internal Flash Player plugin version is listed as 10.1.82.76, which is exactly the version that is vulnerable. The design of the browser may however mitigate the impact on the system, as may the out of process feature of the Firefox web browser.

We say may because we have no confirmation at this point.

It is a well kept secret that Adobe Flash Player can be configured globally. Administrators and users who want to do that need to create the file mms.cfg. This file needs to be stored in the following directories to be accessed by the Flash Player:

• Windows: %Windir%\System32\Macromed\Flash
• Macintosh: /Library/Application Support/Macromedia
• Linux: /etc/adobe/

The following parameters are supported by the configuration file:

Most options can be set to 0 = false or 1 = true. A basic example is the command AVHardwareDisable = 1, which blocks SWF file access to webcams and microphones. A value of 0 allows the user to configure the setting in the Settings Manager.

Privacy Parameters:

AVHardwareDisable = [0,1]
DisableDeviceFontEnumeration = [0,1]

Defines if SWF files can pull the list of installed fonts from the computer system. Setting it to 1 means they cannot do that, while 0 means the information can be returned.

User Interface Parameters:

FullScreenDisable = [0,1]

Defines if a SWF file can be displayed in full screen mode. A value of 1 prevents that, while 0 allows it.

Data loading and storage options:

LocalFileReadDisable = [0,1]

A value of 1 prevents local SWF files from having read access to files on the local hard drive which means local SWF files cannot run. Remote SWF are unable to upload or download files.

FileDownloadDisable = [0,1]

Setting the parameter to 1 disables downloads of files, while 0 allows it.

FileUploadDisable = [0,1]

The same as FileDownloadDisable, with the difference that it blocks or allows file uploads.

LocalStorageLimit = [1,2,3,4,5,6]

This sets the limit of local storage the Flash player can allocate per domain. (1=no storage, 2=10KB, 3=100KB, 4=1MB, 5=10MB, 6=no limit]

ThirdPartyStorage = [0,1]

If this value is set to 1, third-party SWF files (those that originate from a different domain than the current one) can read and write locally persistent shared objects. If this value is set to 0, third-party SWF files cannot read or write locally persistent shared objects.

AssetCacheSize = [ 0, number of Megabytes]

This value specifies a hard limit, in MB, on the amount of local storage that Flash Player uses for the storage of common Flash components. If this option is not included in the mms.cfg file, the Settings Manager lets the user specify whether to permit component storage. However, the user can’t specify how much local storage space to use. The default limit is 20 MB.

Update Options:

AutoUpdateDisable = [0,1]

If set to 1, Flash Player disables auto-update. This prevents Flash Player from checking periodically for updated versions. If set to 1, the following parameters are ignored.

AutoUpdateInterval = [number of days]

Defines the interval in which Flash Player checks for new versions. The default value is 30 days.

DisableProductDownload = [0,1]

If this value is set to 0 (the default), Flash Player can install native code applications that are digitally signed and delivered by Adobe. Adobe uses this capability to deliver Flash Player updates through the developer-initiated Express Install process, and to deliver the Adobe Acrobat Connect screen-sharing functionality. If this value is set to 1, these capabilities are disabled.

ProductDisabled = application name

TThis option is effective only when DisableProductDownload has a value of 0 or is not present in the mms.cfg file; it creates a list of ProductManager applications that users are not permitted to install or launch.

Security Options:

LegacyDomainMatching = [0,1]

This setting controls whether to allow a SWF file produced for Flash Player 6 and earlier to execute an operation that has been restricted in a newer version of Flash Player.

LocalFileLegacyAction = [0,1]

This setting controls how Flash Player determines whether to execute certain local SWF files that were originally produced for Flash Player 7 and earlier.

AllowUserLocalTrust = [0,1]

This setting lets you prevent users from designating any files on local file systems as trusted (that is, placing them into the local-trusted sandbox). This setting applies to SWF files published for any version of Flash.

EnforceLocalSecurityInActiveXHostApp = executable filename

By default, local security is disabled whenever the ActiveX control is running in a non-browser host application. In rare cases when this causes a problem, you can use this setting to enforce local security rules for the specified application. You can enforce local security for multiple applications by entering a separate EnforceLocalSecurityInActiveXHostApp entry for each application.

DisableNetworkAndFilesystemInHostApp = executable filename

This option is similar to EnforceLocalSecurityInActiveXHostApp, but applies to plug-ins as well as the ActiveX control, and imposes stricter security controls. When a plug-in or ActiveX control is running within an application specified, it will be as though the HTML parameter allowNetworking=”none” had been specified. That is, no networking or file system access of any kind will be permitted, and the SWF running in the Flash Player will run without the ability to load any additional media or communicate with any servers. You can enforce local security for multiple applications by entering a separate

Socket connection options

DisableSockets = [0,1]

This option enables or disables the use of the Socket.connect() and
XMLSocket.connect() methods. If you don’t include this option in the mms.cfg file, or if its value is set to 0, socket connections are permitted to any server. If this value is set to 1, no socket connections are allowed. However, if you want to disable some but not all socket connections, set this value to 1 and then use EnableSocketsTo to specify one or more servers to which socket connections can be made.

EnableSocketsto = [host name, IP address]

This option is effective only when DisableSockets has a value of 1; it creates a whitelist of servers to which socket connections are allowed. Unlike most other mms.cfg options, you can use this option as many times as is appropriate for your environment. Note that the servers specified are target servers, to which socket connections are made; they are not origin servers, from which the connecting SWF files are served.

GPU Compositing:

OverrideGPUValidation = [ 0, 1 ]

The GPU compositing feature is gated by the driver version for video cards. If a card and driver combination does not match the requirements needed to implement compositing, set OverrideGPUValidation to 1 to override validation of the driver requirements. For example, you might want GPU compositing enabled during a specific test suite, even if the video driver in the test machine doesn’t meet compositing requirements. This setting overrides driver version gating but still checks for VRAM requirements.

RTMFP options:

RTMFPP2PDisable = [ 0, 1 ]

This option specifies how the NetStream constructor connects to a server when a value is specified for peerID, the second parameter passed to the constructor. If RTMFPP2PDisable has a value of 0 or is not present in the mms.cfg file, a peer-to-peer (P2P) connection can be used. If this value is 1, any value specified for peerID is ignored and P2P connections are d

RTMFPTURNProxy = URL of TURN proxy server

If this option is present, Flash Player attempts to make RTMFP connections through the specified TURN server in addition to normal UDP sockets. TURN Servers are useful for conveying RTMFP network traffic through firewalls that otherwise block UDP packets.

Additional information:

flash player 10.0 admin guide
Adobe Flash Player 10 Admin Guide website.
mms Config Example
Recent Man in the middle Vulnerability [German]

The config is a basic example file, which disables update checks, hardware and font enumeration. (thanks go to Hubert for sending in the tip).

Firefox users who want Adobe Flash to view videos, play games or access other Flash based contents do not need to install Flash for that functionality. There is an easier and safer way.

The following guide works for Windows based portable Firefox versions. The process has two steps. The Flash plugin needs to be downloaded first, before it can be added to Firefox. Adding in this case means making it recognizable by the browser without installation.

Open another web browser or download manager and download the Flash plugin from the official Macromedia website. The plugin comes in a format that Firefox would prompt to install instead of download. Downloading it in another web browser is therefor the best solution.

The next step is to unpack the flashplayer-win.xpi file. Most unpackers like 7-Zip will have no problems unpacking the file. Users who encounter troubles should consider adding a .zip extension to the file, before trying to extract the files to the local computer system.

Locate the dynamic link library NPSWF32.dll in the extracted files, and move it to the Data > Plugins directory of the Firefox installation. Restart the browser, and check the plugins section to see if the Flash plugin has been recognized.

This is done by going to Tools > Add-ons, and switching to the Plugins tab in the new window. Another possibility would be to visit a Flash powered site to see it in action. Users should not encounter any difficulties if they have followed the instructions to the letter.

The only drawback of this method is that Flash needs to be updated manually whenever a new version becomes available.

The patch, released through version 10.1 of the Flash player is available now from www.adobe.com and there is also a new version of Adobe Air as well.

The company may have managed to shoot itself in the foot with this patch however as you’ll see from the amusing screenshot below, where the news story about the patch in the new version of the Flash Player is accompanied by a picture of Homer Simplson asking “Ooh. They have the Internet on Computers now!”

Okay, so this is a banner advert for an Adobe Air app, but I had to share the irony of the event with you.

The patch fixes a critical vulnerability which could allow your PC to be hijacked remotely and it covers Windows, Mac and Linux users, so everybody should upgrade.  All PC users should upgrade their version of Flash as soon as possible to prevent their PCs being vulnerable to the flaw.

An update for Acrobat and Acrobat reader is due sometime in the next week or so to fix the same vulnerability.

This is now the fourth week of the change. There have not been many situations where I missed the Flash player, mainly when some of my friends send me a link to a video that I could not watch, when a website embedded a flash video that would not play and when I tried to watch online video at sites like Hulu or Gametrailers.

One of the most irritating experiences was the constant notification in the RSS feed reader RSS Owl that the Flash Player was not installed. It was possible to turn that message off but this also meant that the reader would not display images anymore. I still decided to turn it off as the messages were to frequent to be ignored.

I did cheat just a little bit as I run a developer version of the Google Chrome web browser which, as some of you may know, comes with native Flash support. I’m still able to access Flash content when I start that web browser.

I discovered two additional workarounds. The first was to change the Youtube Flash Player to the experimental HTML5 player. I was then able to play many – but not all – Youtube videos without Flash. But only on the site directly and not on websites that embed the videos.

The second option was to download videos if I needed to watch them. This was again not possible on all sites and for all videos but it helped me out several times. It is not such a practical thing to do but still better than not watching it at all or running Flash in the background all the time.

I have decided to continue on this path. No Flash plugin on my PC with the exception of the native Flash plugin in Google Chrome. It works pretty well and the PC is more secure without Flash.

A life without Flash would mean to make the system more secure. But which consequences would it have in terms of usability? Are there websites and services that would stop working completely or partially? To find out we need to take a look at the functionality of Flash. Why is it installed on so many computer systems and what are the core services that are offered in Flash?

What is Flash being used for?

There are not any official statistics about Flash usage on websites, at least none that we could find during our research. We were able to identify the following sectors in which Flash is being used:

• Media Streaming: Mainly video and audio players that stream videos on websites.
• Games and entertainment: Many games are created in Flash.
• Advertisements: Flash ads are a common occurrence on the web.
• Services and sites: Some site use Flash for specific services, like a chat for instance, or on their whole website.

HTML5 introduces media streaming capabilities which should reduce the need for Flash in that area. Youtube for instance is offering an experimental HTML5 video player that can be used instead of the Flash player to view the videos on the site. There are also some options to either replace the flash player in a web browser with a media player that is installed on the computer system. Firefox add-ons like Media Player Connectivity replace the Flash player, some display the output in the web browser while others redirect it to the local media player.

Games on the other hand cannot be played if Flash is not installed. The same is true for advertisements (which most Internet users probably won’t miss at all. The services and sites on the other hand depend largely on the user’s personal web surfing habits. Flash player might still be needed if websites with Flash exclusive features are accessed.

Can you live without Flash?

It is quite possible to not install Flash. Alternatives at least are available at least in the media streaming sector. Not all media sites might work though but the way is paved for a Flash less future. Casual gamers on on the other hand have barely any other options. Java might be an alternative but the majority of games are served in Flash.

What’s your opinion on the matter? Do you use Flash? Do you have plans to stop using it in the future?

It is therefor suggested to find a way to download Adobe Flash without the Adobe Download Manager. But that’s unfortunately not as easy as it sounds as Adobe seems to have cut off many other options to download Adobe Flash without the download manager.

There are basically two options to download Adobe Flash without the Adobe Download Manager. The fact that Adobe offers different versions of Flash depending on the web browser that is used to access the website makes the matter even more confusing.

The best option to download Adobe Flash directly is to use the direct links to the setup files. Those links point to the Windows Flash installers.

• Adobe Flash Player Internet Explorer download [link]
• Adobe Flash Player Other Browsers download [link]

Those two links always point to the latest official release version of Adobe Flash. The second option is to download a developer release of Adobe Flash from the Flash Labs website. Those are often pre-releases which can contain bugs. Versions for all operating systems are offered.

Both options allow the user to download Adobe Flash without the Adobe Download Manager.

One exception to that rule is Flash content, so called flash cookies or local shared objects, are still stored on the system and an analyst could use those to uncover the websites that stored them on the computer even in private browsing mode.

This is going to change with the release of Flash 10.1 which will automatically recognize the private browsing mode and abide to its rules. This essentially means that Flash Player 10.1 will automatically clear any data that has been created during the private browsing session so that this data cannot give clues about the websites the user visited during that time.

Private Browsing mode is currently supported in Internet Explorer 8, Mozilla Firefox 3.5 and Google Chrome 1 or higher. Safari 2 is also offering private browsing mode which is currently not supported by Flash 10.1 (but will be in the future).

Flash content that has been stored on the computer system before starting the private browsing mode will remain on the computer. They will however be inaccessible during private browsing mode.

Starting with Flash Player 10.1, Flash Player actively supports the browser’s private browsing mode, managing data in local storage so that it is consistent with private browsing. So when a private browsing session ends, Flash Player will automatically clear any corresponding data in local storage.

Additionally, Flash Player separates the local storage used in normal browsing from the local storage used during private browsing. So when you enter private browsing mode, sites that you previously visited will not be able to see information they saved on your computer during normal browsing. For example, if you saved your login and password in a web application powered by Flash during normal browsing, the site won’t remember that information when you visit the site under private browsing, keeping your identity private.

Flash Player will not store any changes made to the Global Settings Manager which does have a consequence if a web site or application requests additional storage space. The request will simply be denied which is why the Adobe developers have increased the default local storage limit in private browsing to 1 MB (opposed to the 100 KB default in normal mode).

Flash Player does not save any information—including settings—in private browsing mode, since this information might reveal sites that you visited while using private browsing. Accordingly, settings options will be hidden. Tabs that modify domain-specific settings such as privacy (camera and microphone access) and local storage will not be displayed. Since you cannot set domain-specific settings in private browsing mode, Flash Player will use default settings from the global Settings Manager.

Additional information about Flash Player 10.1′s new private browsing support are accessible at the Adobe Devnet.

First statistics are now in and they do look impressive. On a global scale more than 10 million Firefox users have clicked on the Flash update link posted on the What’s new page shown after Firefox updates in one week. The Mozilla developers have published a graph displaying the overall page traffic, the amount of Firefox users with and without the latest Flash version and the click through rate of those without.

The graph shows that about half of the users who accessed that page in the first week had an outdated version of the Adobe Flash player. Between 27% and 40% of these users clicked on the link that lead them to the Adobe page to update their Flash player. This does on the other hand mean that the majority did not click on the link to update Flash which indicates that there might be room for presentation improvements to get more users to click on that link.

Users who want to test their Flash version can head over to the Adobe website to do so.

That’s where the Mozilla developers began thinking about solutions for this problem. They quickly came up with the solution to test the version of the Adobe Flash plugin after Firefox updates. Regular Firefox users know that Firefox will open a what’s new page after an update. This what’s new page will contain the Adobe Flash version check.

Firefox users with an outdated version of Adobe Flash will receive the notification that it is outdated. This information contains a link that is directly pointing to the latest version of Adobe Flash at the Adobe website. Hopes are that many users who are running an outdated version of Flash will visit the Adobe website after a Firefox update to download the latest version of Adobe Flash to install it on their computer system.

Users who want to try the Flash check right now can visit the upcoming what’s new page for Firefox 3.5.3.

That was then, this is now. During my first trials with Ubuntu 9.04 I discovered just how far the installation of browser plugins has come. This article will illustrate to you this fact.

Ideally, of course, the distribution would ship with all of the necessary plugins installed. By default there are a number of plugins already for you:

• Demo Print
• DivX
• Quicktime
• VLC (handles many media formats)
• Windows Media Player

But the number one plugin is still missing. Why? The reason for flash missing is because there are actually three different flash plugins you can install. One is the official Adobe plugin and the other two are open source versions. Although I am a big supporter of open source software, both open source flash plugins are still in their infancy and are not yet up to par with the official version. I made the mistake of installing one of the open source versions and had to uninstall so I could get the official version.

How to install

As is typical for Linux, there are a number of ways to install the flash plugin. You can download the plugin from the Adobe site. You could open up a terminal window and issue the command:

sudo apt-get install flashplugin-installer

You could open up Synaptic (Add/Remove Software utility) and search for adobe and select “flashplugin-installer”.

Or you could browse to a web site that requires Flash.

The latter is the easiest and reliable.

Figure 1

When you go to a site that requires flash you will see a bar appear with a button on the right side labeled “Install Missing Plugins” (see Figure 1). Click that button and a new window will open (see Figure 2). This new window asks you to choose which flash player you want to install. There are three choices:

Figure 2

• Swfdec: The GNOME version of the flash player
• Adobe Flash Player: Official version
• Gnash: GNU SWF player

Choose the Adobe version and click Next. You will then be warned that the Adobe Flash Player will download and install another application. This is okay. You will be required to enter your user password to continue.

Once the installation has finished you will need to click the Finish button.

Check the installation

After the installation is complete you can check it by opening up the plugins page. Do this by typing about:plugins in the address bar. In this page you will see all installed plugins listed. The first one listed should be the most recently installed, which will be flash.

Using this method does not require you to restart Firefox. You have completed the process of installing the Adobe Flash plugin for Firefox.

Final thoughts

If you have any history with Linux then you know how much of a relief it is to be able to install browser plugins so easily. If you have any interest in using the open source version of these plugins, give them a try. You can uninstall them by looking at the about:plugins page to know which version you have installed. When you know which plugin you have installed search for it in Synaptic and remove it. Once removed you can go through the process of installing through Firefox again.

The HP Security Laboratory has created the application SWF Scan which can be used by both developers and end users to analyse Adobe Flash files for more than 60 vulnerabilities. Usage is pretty simple and straightforward although interpretation of the findings might require a deeper understanding of Adobe Flash or extensive research on the Internet. The application works with both local Adobe Flash files or those embedded in websites.

Users will first have to find out the direct url to the embedded flash file on the website. All web browser provide those capabilities. Firefox users for instance right-click the page and select Page Info from the context menu to get a list of objects that are embedded in the website. A click on the Media tab and a manual search for files of the type embed should be enough to find the url of the Adobe Flash file. A right-click on the flash object will open a menu with the option to copy the url to the clipboard.

Once the url has been copied to the clipboard it can be pasted into the interface of the HP SWF Scan application. A click on the get button next to the url bar will initiate a connection attempt of the Adobe Flash security scanner. If the file is a valid Adobe Flash file it will automatically try to decompile it displaying the findings in the sidebar and the actual source in the right window.

A proficient Flash user can now analyze the code on his own. Everyone else is better of clicking on the Analyze button in the header of the security program. This will analyze the decompiled source code and provide a summary to the user.

The summary contains a list of vulnerabilities that have been found in the Adobe Flash file. This vulnerabilities mean that the Flash file might be vulnerable to certain exploits. Flash developers can then rewrite part of their application to fix the discovered vulnerabilities. End users on the other hand may be delighted to know that an Adobe Flash file does not contain any of the known vulnerabilities.

SWF Scan is a free download after a mandatory registration at the HP website. It is currently only available for the Microsoft Windows operating system.