"Safe" way of running Flash under Firefox

Hi,

I tend NOT to install Flash on outward facing machines just to eliminate one more set of bugs, opportunity for advertisers, cookie jar, etc.

SWMBO has been increasingly grumbling about not being able to view the (silly) videos her friends send her way. (sigh)

So, I'm looking for options on "safe" ways to provide her with that without adding to the amount of maintenance I have to do, here. (e.g., even updating Flash is considered a maintenance task!) Ideally, have Flash *off* until she finds *a* video that she wants to view; turn it on to view THAT video; then have it OFF, again.

One approach is to set up another machine for her to muck with. Then, just "restore" it periodically when it gets wonky.

Second is to run browser in a sandbox so nothing is persistent.

Third is to install some plugin (?) and hope it does what I want.

etc.

Thanks!

--don

Reply to
Don Y
Loading thread data ...

Is Flashblock not suitable for this purpose?

Sylvia.

Reply to
Sylvia Else

Dunno. That's why I've asked (*I* have no need for flash videos so don't miss the extra resources spent on it, advertisements presented by it, etc.)

Thanks, I'll take a look at it.

Reply to
Don Y

She can do exactly what she *wants* -- if SHE wants to assume responsibility for maintaining HER computer! :>

She notices how much time her friends have their computers "down". How often they claim to need to be "replaced". How much spam they receive. etc.

And, notices how LONG ours stays up, "clean" and spam free. Makes the choice a no-brainer for her! ;-)

(especially in light of the videos typically being silly wastes of bandwidth: "Oooo, look! A cat climbing into a tiny box! I'm *so* glad I didn't miss that!" NOT)

That's what I'm looking for, then. E.g., like ancient versions of Mozilla that would let you turn *images* (pictures) on and off from the menu bar.

Reply to
Don Y

Apparently, Flashblock relies on Java script running (i.e., NoScript interferes with it).

It seems the most reliable solution may just be to build a "secured" machine just for those times when you want to engage in these sorts of activities. A disturbing number of security issues listed for Flash suggests it will continue to be a "risk" issue.

(sigh)

Reply to
Don Y

Don Y wrote in news:m1aho5$7fo$ snipped-for-privacy@speranza.aioe.org:

NoScript + FlashBlock is a good combo. Have NoScript set to block Flash in general apart from specified sites e.g. YouTube and Vimeo. FlashBlock then cuts in on a permitted site to ensure the only Flash that plays is the one the user clicked.

You will probably have to do the maintenance of adding permitted sites.

--
Ian Malcolm.   London, ENGLAND.  (NEWSGROUP REPLY PREFERRED)  
ianm[at]the[dash]malcolms[dot]freeserve[dot]co[dot]uk  
 Click to see the full signature
Reply to
Ian Malcolm

It might be worth running a double-NATted network,i.e. run an output port o f your current router into the WAN port of a second one, and running her co mputer off that. That way you have two isolated subnets, so whatever gets on to her computer probably can't see yours.

Cheers

Phil Hobbs

Reply to
Phil Hobbs

YouTube would probably address most of the "silly" videos that friends point her at.

But, not all. E.g., the grumble that prompted my post was her inability to preview a sample of an (commercial) instructional video. The site would never make it onto a general whitelist so I'd still have to "drop everything" and "make it work".

I set up a small "lab" of XP computers with SteadyState about a year ago. As they would be used by kids (teens), I assumed places like YouTube would be high on their lists of preferences. So, installed Flash, etc. Added the "final" XP updates when those were released. Then, locked everything down.

I've not heard any complaints (bugs, lockups, etc.) so I suspect it has worked well for them.

I think I will try a similar approach, here, for SWMBO. Set up a laptop for her to use for these sorts of things. Create a persistent partition for the stuff she *wants* to save (so she isn't forced to use a thumb drive for everything). Then, just image the "volatile" portion of the system and hide a compressed (encrypted?) version of the image on a maintenance partition and arrange for it to be decompressed onto the volatile partition at each boot.

That should allow me to get the SteadyState features beyond XP (IIRC, SteadyState is not supported beyond XP) without relying on any (buggy? vulnerable??) COTS implementation (e.g., I think W7 has some hooks that would effectively support this sort of behavior -- but, that relies on W7 itself not having bugs!)

Alternatively, I could build a live CD of a minimal NetBSD system and just use the magnetic disk to store persistent things like bookmarks and email.

In either case, I'd be able to walk away and leave her with simple instructions on how to "compute safely": reboot each time you switch between a "risky" activity and one in which you want to be "protected" (eCommerce).

Reply to
Don Y

My machines aren't routed. No chance of *anything* finding them as there is no connection between them and the outside world.

Currently, we share *this* machine for email and surfing, exclusively (no other apps, here). And, don't store anything "precious" on the machine (i.e., if the disk dies, no real loss!)

[Recently had exactly that sort of failure -- boot sector became unreadable. I opted to recover the email and bookmarks stored on the old disk before scrapping it. And, took the opportunity to upgrade "this" machine (faster processor, smaller/quieter "CPU", bigger display, nice clean keyboard, etc.)]

This keeps the cost of maintaining *this* "visible" machine close to zero! I'd like it to remain that way :>

Reply to
Don Y

I run my various machines with minimal protection. I have a virus and malware scanner and not much else. No blockers, inspectors, sniffers, scanners, snoopers, shims, filters, or browser plug-ins. My experience with most of these is that the effort to keep them working and configured is excessive.

Instead, I run an image backup on my C: drive after I shut down the computer. This week, I use Acronis True Image 2014 (not 2015). It backs up EVERYTHING to a USB or NAS disk drive and then shuts down the computah. With USB 3.0, it backs up at about 3 GBytes/minute on my aging hardware. The laptop is a bit more complicated, requiring that I remember to do the backup.

I have about 2 meltdowns per month that might require a restore or roll-back to a previous version. Usually, I can recover using Windoze System Restore. It's rarely caused by a virus, worm, malware, or evilware. It's from installing programs that don't quite uninstall correctly, break other programs, or simply make a mess when run. Never mind protecting against Flash security holes. I need protection against badly written installers, untested updates, and rush to market demos. For some customer, they also need protection against clueless kids using the computers for "games" and who tend to click on literally anything without reading or understanding what it says.

Also, when I'm browsing sites likely to have imbedded malware, or downloading Torrents full of software bombs, I use a VM (virtual machine). If my download blows up (which happens occasionally), I simply wipe the VM, reload a fresh copy from a DVD, and try again.

Nobody does backups until after they've had a disaster, so I don't expect this advice to be universally applicable. For my customers, I don't try to push backup systems. I just wait until they trash their machine, or lose important work files, and then offer my solution.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
 Click to see the full signature
Reply to
Jeff Liebermann

Agreed. We don't even run an AV product, here. Firewall in the router and "good practices" regarding where we visit, what attachments we open, no "automatic updates", etc.

I do it the other way around: backup *before* the machine sees any use (so I can restore it to that pristine condition at any time). Thus, the rule is "take anything you want to save OFF the machine ASAP cuz there's no guarantee it will be available at some future date".

I think adopting a practice of automatically doing this at each reboot may be the simplest solution. Especially if you can keep the system image small (without lots of other "cruft" applications -- that also reduce its reliability!)

I will "rescue" a friend or neighbor exactly ONCE. And, make it abundantly clear to them that the next loss will be permanent (or, "at their expense"... oh, and, BTW, I'm not in that BUSINESS so you'll have to find someone to hire for that!)

Reply to
Don Y

I just set flash to "ask to activate" in the tools=>add ons in FireFox.

I've never had any trouble with gunk that was difficult to back out. Lucky? Perhaps.

Reply to
krw

Actually, quite so! Her friends are vocally envious of my attentiveness, the amount of time I put into supporting her activities and interests, my presence at the "functions" important to her, etc. It is usually

*painfully* obvious which spouses are absent -- perpetually!

"Has he got a brother??"

But, then again, we possibly have a different idea of what to expect from mates than they might...

[Of course, I can't blame those folks who don't have the skillsets to maintain the various things that I regularly maintain, here...]
Reply to
Don Y

don't try to push backup systems. I just wait until they trash their machine, or lose important work files, and then offer my solution. "

Excellent marketing strategy.

I also prefer the backup method. If the machine has IDE, in goes an old drive. Even Windows 7 should fit on a 20 GB. Then a cloning program once everything is in. Thenunplug the little loaded drive and duct (or duck) tape it to the bottom of the case.

Problem is I have to do this to my laptop. I got a couple of versions of software you just can't get anymore. Friggin online installs...

Reply to
jurb6006

Image the drive *after* the install.

I modified the "factory restore" for some Dell laptops so that it would restore the system I had *built* for the laptop -- instead of the image that the factory wanted in place (which would have required reinstalling all the MS updates *plus* the various applications).

Allows me to get out of the "support" business: "Your machine is wonky? Probably from crap that you let creep onto it! Cycle power. Press ^F11 when the blue banner appears. Wait 3 minutes and you're good to go!"

[Yeah, well, if your machine was so wonky that you couldn't access any of your "documents", then they're just *gone*. Too bad...]

I'd like to repeat this exercise for a more "universal" restore (not rely on features on a particular laptop/BIOS/etc.)

Reply to
Don Y

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.