Results 1 to 3 of 3
2010-04-14, 14:24 #1
- Join Date
- Oct 2009
- Shoreline, Washington, USA
- Thanked 1 Time in 1 Post
IN THE WILD
Living without Adobe Flash Player or Sun's Java
By Robert Vamosi
Recent problems with Adobe Flash and Sun's Java are leading some users to do without either while surfing the Internet.
This week I'll discuss some of the latest Flash and Java problems and show you how to either disable these plug-ins or install anti-Flash/anti-Java apps.
The full text of this column is posted at WindowsSecrets.com/2010/04/15/06 (paid content, opens in a new window/tab).
Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
Last edited by revia; 2011-01-20 at 14:48.
2010-04-16, 16:13 #2
- Join Date
- Feb 2009
- Hinsdale, IL, USA
- Thanked 157 Times in 131 Posts
First, go to http://www.askwoody.com. Java has been updated. (JRE 6 update 20, just two weeks after the last-previous update (JRE 6 update 19)).
Second, if you allow any auto-updater from Java or Adobe, you get toolbars for Yahoo or Bing silently installed along with the automatic updates. This is unacceptable!
Third, turning off Java or removing it will disable OpenOffice.org, The GIMP, and Firefox, among other software. Dumb advice.
Trying to use the Internet without Java or Flash is throwing out the baby with the bath water. Firefox with NoScript and NoFlash is a good adjunct to a good antivirus program with Web or Browser Shields. (Such as Avast! and/or Comodo Defense Plus.) And if you watch streaming videos on line, NoScript and NoFlash are royally painful to use! So many scripts, so how do you pick and choose only the safe ones? Even posting a comment at CNet News may require enabling a dozen scripts and two handfuls of Flash objects.
Who's going to put up with all of that? (Me for one, but not many others.) And more and more web sites are not allowing access to browsers which have NoScript running. Even Yahoo Web Mail has recently jumped on this bandwagon. Four pages of warnings just to see your mailbox!
What the AV vendors need to do is develop tools which stop scripts and flash objects before they can download, popping up alerts if any user decisions are required. "Block all, then Allow a Few" is the default which should be used. Not the current "Allow All, then Clean Up the Bad Ones" as is too often the current practice among AV products and firewalls, including Microsoft's built-in firewall.
Or, better yet, develop for Windows a browser which is truly isolated, or sandboxed, from writing to the Hard Drive during browser operations, unless a download is specifically allowed by the user. Install the browser on a per-user basis, with no Administrator Rights. Nobody has done this yet, but Google's Chrome browser is getting on the right track. The concept of browser virtualization comes to mind here.
HTML-5 will do nothing to mitigate the threats posed by rogue scripts. In fact, by making video and scripting integrated into the core HTML language, this update will actually increase the chances of successful browser-based Windows infections, and make web page components even harder to detect and defend against. NoScript and NoFlash will offer no protections against HTML-5 malware.
Isolate, virtualize, and defend by blocking everything by default -- these are the pillars of a better and more secure browsing experience. Maybe Windows 8 will address these areas. But so far, Windows development still seems to put safety last. So protect yourselves, as best you can.-- Bob Primak --
2012-01-14, 01:47 #3
As a side effect to this, every page I go to pops up almost instantly. Surprising since I'm on a netbook.