Flash is an interface for rich Internet applications and the core technology behind several popular Web 2.0 web sites. We all have it and we can’t imagine how our Internet experience would be without it. But what about security and privacy?

Adobe allows you to configure Flash security settings via the Settings Manager. In a nutshell, it is a special configuration panel that is displayed only when visiting the Adobe Flash web site. The Settings Manager lets you manage global privacy settings, storage settings and security settings. The information is stored on your local computer.

 

Global Privacy Settings

The Global Privacy Settings panel lets you specify whether Flash applications must ask for your permission before using external devices connected to your computer (e.g. camera, microphone). You can select between two options: deny all attempts to access external devices, or require any Flash application to ask your permission.

Our recommendation: Unless you’re using Web 2.0 services (e.g. Odeo Studio) that must have access to your microphone or camera, you should deny all attempts to use external devices.

Global Storage Settings

Ever wondered how Google Video remembers your volume settings? The answer is simple: they use Flash-cookies. By default, Adobe Flash allows third-party Flash applications to store up to 100 KB of data on your computer. That’s a whole lot of data. The Global Storage Settings panel lets you control how much disk space Flash applications may use to store data.

Our recommendation: Don’t allow any third-party applications to store information on your computer. We haven’t stumbled upon any application that really requires this option to be turned on. So, perhaps you’ll have to set the volume each time you view a video on YouTube, but at least no one will be able to track your online activities.

Global Security Settings

The Global Security Settings option lets you choose whether you want to allow older Flash applications to work with older privacy and security settings. What does it mean? Over time, as Flash content became richer, so did the Flash player. However, there are still Flash applications that were created using old versions of Adobe Flash, and so they don’t support the newer privacy and security restrictions. You can choose between three options: Always allow, Always deny and Always ask. The default configuration is set to Always ask.

Our recommendation: We suggest that you select Always deny. If you experience any issues with applications, return the setting to its default, Always ask. However, bear in mind that old applications may contain malicious code that uses the lower security restrictions to steal data or place malicious code on your computer.
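
An added example, not part of the original article and not Adobe's code: the same three choices can be enforced machine-wide through Flash Player's administrator file, mms.cfg, instead of the Settings Manager. The Python below audits such a file against the recommendations above; the key names AVHardwareDisable, ThirdPartyStorage and LegacyDomainMatching come from Adobe's administration guide rather than from this article, and the sample file content is constructed.

```python
# Added example: audit an mms.cfg against the article's three recommendations.
# Key names and value meanings follow Adobe's Flash Player administration
# guide, not this article. The sample file content below is constructed.

# key -> (hardened value, the recommendation it enforces)
RECOMMENDED = {
    "AVHardwareDisable": ("1", "deny camera and microphone access"),
    "ThirdPartyStorage": ("0", "block third-party Flash cookies"),
    "LegacyDomainMatching": ("0", "always deny the older security rules"),
}


def parse_mms_cfg(text):
    """Return {key: value} from 'Key = Value' lines; skip '#' comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """List (key, found, wanted, reason) for each missing or weak setting."""
    found = parse_mms_cfg(text)
    findings = []
    for key, (wanted, reason) in RECOMMENDED.items():
        actual = found.get(key)  # None: not enforced by the administrator
        if actual != wanted:
            findings.append((key, actual, wanted, reason))
    return findings


SAMPLE_CFG = """\
# constructed sample, not taken from a real machine
AVHardwareDisable = 1
ThirdPartyStorage=1
"""

if __name__ == "__main__":
    for key, actual, wanted, reason in audit(SAMPLE_CFG):
        print(f"{key}: found {actual!r}, want {wanted!r} ({reason})")
```

A key that is absent from the file is reported with `None`, because in that case the choice is not enforced and stays with whatever the user picked in the Settings Manager.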

Although no attack vectors against Flash-based applications have been encountered, there’s always a chance that a zero-day vulnerability will expose you (and millions of others) to attackers with malicious intent. By configuring the correct Flash security and privacy settings, you minimize the chance of becoming a victim of an attack.