The Flash Vulnerability Conundrum

One of my most frequent pieces of advice is ‘use the Firefox browser and install NoScript’. Since malware isn’t malware unless it involves a script, it won’t run with NoScript and you can’t get infected: you can go where you like on the internet in safety.

But it isn’t perfect safety. Flash is ubiquitous on the internet. If you’re running NoScript, it won’t run unless you allow it. This is what you see:

NoScript preventing Flash from running in Firefox

So what do you do now? You can’t view the very reason you came to this site in the first place. The immediate reaction is probably to temporarily allow scripts on this site. But if you allow scripts, what else will you be exposing yourself to? And what about all the Flash vulnerabilities we hear about?

I’m afraid that there’s no easy answer to this conundrum. If you really want to be secure on the internet, then you run NoScript and never allow any scripts. Actually, if you want to be secure on the internet, you don’t go on the internet. Neither is very realistic for most of us.

There are two things you can do. The first is subjective. Ask yourself, do I really want to see this page? And then, do I really trust this website? If the answer is no to either question, just move on. If the answer is yes, temporarily allow scripts on this page or site – and hope you’re not wrong.

The second is simply to be aware. Watch the alerting systems and note whenever there is a new Flash vulnerability/exploit – and make sure you’ve got the latest version of Flash. You can go here to test the version you’ve got installed – provided you trust me, of course, because you’ll need to temporarily allow scripts to run the test 🙂

Websense is currently warning about a new vulnerability: “Version or earlier is vulnerable.” It recommends upgrading to the release candidate for version 10.1 (which you can do here).
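The check behind the “test the version you’ve got installed” step can be done without trusting anyone’s page: read what the Flash plugin reports and compare it against the version the advisory names as fixed. The following is an added example written for this post, not the post’s own test page or anything from NoScript, Websense or Adobe. It parses the plugin description Firefox exposes (the sample strings are constructed), compares dotted versions field by field, and reports whether the installed build is older than a fixed version. Because the advisory’s “version or earlier” cut-off is missing from the page, the fixed version passed in is a placeholder.

```javascript
// Added example, not from the original post. Parses a Flash plugin
// description such as "Shockwave Flash 10.0 r45" (constructed sample) and
// decides whether it is older than a given fixed version.

// Returns [major, minor, release] from a plugin description, or null if
// no Flash plugin is described. Firefox formats the release as " rNN".
function parseFlashVersion(description) {
  const m = /Shockwave Flash\s+(\d+)\.(\d+)(?:\s+r(\d+))?/.exec(description || '');
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), m[3] === undefined ? 0 : Number(m[3])];
}

// "10.1" -> [10, 1]; "10.1.52" -> [10, 1, 52]
function parseDotted(version) {
  return version.split('.').map(Number);
}

// Field-by-field numeric comparison; missing trailing fields count as 0.
// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// 'not-installed' | 'vulnerable' | 'ok'
// fixedVersion is whatever the advisory names as the first fixed build
// (placeholder values are used below; the page does not give the real one).
function flashStatus(description, fixedVersion) {
  const installed = parseFlashVersion(description);
  if (!installed) return 'not-installed';
  return compareVersions(installed, parseDotted(fixedVersion)) < 0 ? 'vulnerable' : 'ok';
}

// In a browser, read the plugin description NoScript would otherwise hide
// from page scripts. Returns null outside a browser so the rest still runs.
function installedFlashDescription() {
  if (typeof navigator === 'undefined' || !navigator.plugins) return null;
  for (let i = 0; i < navigator.plugins.length; i++) {
    if (/Shockwave Flash/.test(navigator.plugins[i].name)) {
      return navigator.plugins[i].description;
    }
  }
  return null;
}

// Stand-alone demonstration with constructed input and a placeholder cut-off.
console.log(flashStatus('Shockwave Flash 10.0 r45', '10.1'));       // vulnerable
console.log(flashStatus('Shockwave Flash 10.1 r51', '10.1'));       // ok
console.log(flashStatus(installedFlashDescription(), '10.1'));      // not-installed outside a browser
```

Run in a page with scripts allowed, `installedFlashDescription()` returns the real plugin string; everywhere else the constructed samples show the comparison. The release number is treated as a third version field so that a “10.1 r51” build is correctly ranked above a plain “10.1” cut-off and below “10.1.52”.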

All we can realistically do is be as careful as we can.

