Your Browser and the Criminal

No, this is not some new book, movie, or play at the local theatre, although the way criminals have been doing their best to take advantage of browser exploits over the past few years, such a TV Sitcom could be produced I’m sure.  No, this is a very real correlation that has many facets to it.

It is because of this correlation being so strong between Internet Explorer and threats being installed in a drive-by manner, that most technicians urge their clients to move away from that browser and go instead with another one such as Firefox or Chrome.  However, in recent times, Chrome has come under threat and even more recently, criminals have found a way to engage in drive-by installations via Adobe’s Flash plugin.  PC World covers the unfortunate news here:

Vulnerabilities such as those discussed in the link above, are reasons why Adobe and others are issuing updates so frequently to their products.  If you are always wondering why Adobe seems to send you a new update almost every other week, patching security flaws and vulnerabilities is a big reason why.  Don’t get frustrated with those update notices.  Instead, pounce on them as soon as you can to ensure your browsing experience doesn’t infect your computer.

A second way to ensure a healthier computer, is to go into your particular browser’s plugin/add-on/extension settings, and turn Flash off.  Some browsers have an option where you can set the plugin to ask everytime flash is encountered.  This will let you decide if you absolutely require it to enjoy content on a site, or whether you can skip it and still take in the content you were after.

Firefox allows for this capability and I’ve had flash officially turned off for quite awhile now.  You’d be amazed how many websites are perfectly viewable without enabling flash, but who request to enable flash anyway.  The reason many sites who would otherwise not require flash to serve you their content, ask for it anyway, is because there is now a tiny bit of code they can set on your computer, called a flash cookie.  You might be familiar with tiny bits of text websites can set, known simply as “cookies”.  These bits of text tell the website when you visited last, what page you were on, hold your bank account number (in case you were wondering why you had to re-enter that everytime Ccleaner runs on your system), etc.  Well, now cookies have grown up and can be more than just tiny txt files.  Now they can be flash files as well, which are far more functional than mere text files.  They have so much functionality available that criminals have learned how to use them as well.

So to prevent flash cookies from being set on your system any more frequently than necessary, only enable flash for websites where you absolutely MUST have it to view the content, such as watching a youtube video, a flash-based slideshow presentation, or a music player.  Even Facebook, while built on the AJAX platform will still operate just fine without flash enabled.  Its amusing to be honest, to visit a website with flash disabled, and notice a flash plugin spring out of the bottom left corner and disappear just as quickly.  I know such a site was unable to get their desired information from me.  If those webmasters are wise, they will still use a text-based cookie when they can’t set a flash-based cookie, but its still amusing to observe just the same.

So while you are reading this note, take a moment to go up to the absolute top right (below the red x in windows) of your screen, and find the settings icon.  This icon looks like several lines in a stack in both Firefox and Chrome, and may look like a gear or be hidden under the help menu item in other browsers.  Change flash from always run to ask to run, and ensure just that much more safety on your computer.

Hopefully Adobe fixes this vulnerability in short order.  Until then, stay safe and be careful where and how you surf.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.