Another Day, Another Adobe Flash Exploit

Flash used to be what I would call “Update of the Day Club”.  Start your computer and get into doing what you need, and surprise of surprises, there would be an update window popping up for Flash.

We seem to be back to that.

It’s a nuisance because with at least Firefox, it forces you to close your browser and go through the nonsense necessary to restart it.  Since Firefox isn’t exactly 100% accurate in reopening pages and tabs, I hold my breath each time.

In this case, there’s no reason to trash Firefox.  There was an exploit found with “Shockwave Flash” as it shows up in the addons page and it tells you it wants to be updated.

Except.

There is no update as of this writing.

So? What do you do?  Tread lightly, my friend.  What you need to do is put yourself through a bit of annoyance or uninstall the blighted software completely.

Since the annoyance is less of a problem than uninstalling Flash at this time, I’ll show you how to do that.

What I am doing is to tell the browser to ask me to run it.  I was going to uninstall it completely.  Youtube does not use Flash as a default to play videos any longer, favoring the newer HTML5.  Facebook does use Flash and at this point it does not apparently use HTML5.

Here is how to go in and tell Flash to run when you want it.  It will leave an ugly placeholder in Facebook with the a grey Lego brick or the international symbol for no, and some warning messages, but you can always turn it back on to watch that particular video of a dog doing something cute if you really want to.

In Firefox:

In the address bar enter:   about:addons and hit enter to load the page.

On your Addons page:

  • Find Shockwave Flash
  • Click the button that most likely says “Always Activate” and select “Ask to Activate
  • click the link to “Check to see if your plugins are up to date” to open another tab.

On your “Check Your Plugins” Page

  • Click the big red button that says “Update Now” under “Potentially Vulnerable Plugins” and follow the prompts to update your Flash.
  • This space intentionally left blank.
  • Flash will update through multiple steps that are documented on Flash’s site.  
  • They include downloading a program.  
  • Make certain that you clear the box that asks if you want to download any “Optional Offer” like McAfee or any other “helpful” programs since they are not helpful and will simply clutter up your computer or it could even lock it up.
  • Flash’s install will require you to close your Firefox, so save your work.
  • Note:  As Of This Writing, there is no update to Flash that will fix this problem.  That is why I told you to set Flash to “Ask To Activate”.
  • Flash will not be updated on Android, Apple’s IOS, or Linux.
  • Flash will eventually be updated on Windows 7 or newer, or Mac OSX… just not as of this writing.

Youtube Prefers HTML5 Video to Flash – But What About All That Old Stuff?

Flash is one of those necessary evils.  It was like Java, reflexively installed onto computers that weren’t really quite up to the task of running it. Just checked, nope, I don’t have Java – and you should not either.

The computer would bog down, act cranky, and even crash when Flash was running.  Flash also has persistent cookies that you had to remember to delete.  Some people would have those cookies for years.  Security is a bear.

But there is one more nail is in Flash Player’s coffin.  Youtube is now preferring HTML5 over Flash when you watch videos there.

Why is that important?

More and more Flash had been the target of people wanting to hijack passwords, insert viruses, and track your movements with those persistent cookies.  Adobe had put more and more patches into it and it became a joke.  Start the computer, patch Flash, restart the computer and do your work – every single day. 

Worse, some people that I supported would simply tell the update check to go away and never come back.

You are getting closer to the day you can do that for good. Many of us already have.

My Linux computer, currently Xubuntu, is not even supported on current Flash Player, and I did an uninstall of it a couple weeks back.  I didn’t see the value of keeping an old piece of software on something that was running well without it and I almost never used.

My windows computer will get the same treatment.

About the only thing I ever do with Flash is to watch videos on Youtube.  The few games that I have kept over the years will get deleted.

That’s about the only problem that I see with this.  Videos can be streamed using “native tools” but the content that was created in Flash will simply go away.  Quite a lot has been created in Flash over the years, even a few Broadcast TV Programs, and many commercials as well.

After all, when was the last time you played a video tape?  Beta?  VHS?  Vinyl Records?

That is the kind of problem that Librarians have.  Content on a platform that is unsupported.  Music on Cylinder Beeswax Records from the Edison era.  78 RPM records.  Heck, I even have a few 45s floating around here.  Silly looking 7 inch donuts.

For most of us, it’s simply easier to find the track elsewhere and save it on something new.  But for librarians, especially archival libraries, they have to worry about that sort of thing every day.

Anyone still have and use a zip disc?  Nope?  Didn’t think so!

So the net result to you is that if you are running one of the four major browsers in one of the top four major operating systems on the desktop/laptop you’re fine.  Just make sure your browser is up to date.  Firefox, Internet Explorer, Chrome, and Opera all work with HTML5.

See, that’s easy!

The iPhone and Android based phones will typically use the Youtube client or the browser will take care of it.

One aside though, with Android, it’s usually recommended that you do not use the base browser and go out and grab either Firefox or Chrome.  The reason is that if you are on an older version of Android, Google is not going to support the old “Browser” browser.

So it’s just safer that way.  Listen to big brother even if it is a bother.

Ok?

Windows 7 – You Have Five Years Left

Start the drum beating.

Microsoft reminded us that yesterday, January 13, 2015, that they stop all support for Windows 7 on January 14, 2020.

Now for most people they will yawn and move on.  After all they will wear out the cheap $250 laptop they are using now and move onto another cheap $250 laptop by then, sliding it under the bed or into the closet and forgetting about it until cleaning day.

“Hey!  I need to do something about that old computer!”.

For large businesses who haven’t even migrated onto Windows 8, they will look at the notices and hopefully begin to plan.  It is five years in the future, and while you still can get Windows 7 today, the machines they buy today will still be in use in three years, and possibly five.

Most people just shrug and accept the operating system that comes with the computer anyway.  It’s easier and you don’t have to worry about it until it gets too many viruses and you start looking for an answer.  At $200 per “In Store” virus removal at a big box store’s “Squad”, it is probably cheaper to just “move on” and get new at the low end.

It’s not one of those doom and gloom things, after all.  You have five years.  The machine you are using to read this blather will most likely be “recycled” but it is something to consider.

If you are one of those poor folks who has soldiered on with Windows Vista, you have until April 11, 2017 – a mere two years and a bit.  Then the most hated operating system since Windows 8.0 will be completely unsupported, just like the dearly departed Windows XP.

To be fair, once you get all the Service Packs, Bug Fixes, and Additional Changes installed in Windows Vista, it works fairly well.  It’s just bloated, slow, and you’ll be better off on Windows 8.1 as well.

But for Windows 7, this means that you will still get patches, just no new features.  Virus updates, bug fixes, and any other patches will get sent along as usual, but nothing really new.

Oh, and about that old computer?  If it runs Windows 7, it probably can run Windows 8.  If it runs Windows 7, I am certain it can run some variation of Linux, and if you really are nervous about support, some of those server versions of Linux are supported for another 15 years while others get another 5 with easy upgrade paths.

After all, that is what this blog is written on – Linux on a hand me down computer.  But Linux isn’t for everyone, even if I did train a 69 year old lady and her 35 year old son how to use it. 

Great story for an interview, though!

Microsoft Discontinuing Their Advanced Notification Service for Patches

Not the best news to come out of Redmond in a while

For Mom and Pop, they’ll get the news the way they always had, their machine will restart on a Tuesday or Wednesday, they’ll ask someone what is going on, and they’ll hear “Patch Tuesday” out of their grand kids or their children, shrug and go on.  It’s all automatic, isn’t it?

For Businesses and IT support people, this Advanced Notification Service is more important. 

What happened was that it gave someone in the know the advanced notice that Microsoft was going to push a patch to their computers at some level on Patch Tuesday, typically the Second Tuesday of the Month.  It would tell them what the patch would do, and let them know some more background info on the patch.

Great.  It would also warn these people that if your computer is broken when it forces a restart, you may have to back out the patch and restore to an earlier time.  It may allow them a cushion of time to test their servers, create extra backups, revisit whether their computer security policies are up to date.

That Good Computer Hygene is a part of Information Technology.  They’re made by people, people sometimes have an oops.  Best to let them know what’s up and give advanced warning.

The reason you need this information is that it’s entirely possible your entire business sits on “That Computer In The Corner”.  They may not know what it does, but they do know it’s an important box.  They may call it The Server in hushed tones, and give it offerings of tapes from time to time.

They hopefully have backed the machine up, made sure that they could gracefully reverse changes and so forth.

For my own sanity, I turned off automatic updates years ago, and keep turning it off every time I get a new machine or upgrade one.  I then make it a point to manually go to Windows Update and get “up to date” a couple days later.

The reasoning I have behind that is that while Microsoft is diligent in making sure that things work, their tests don’t involve the machine that is in my lap in this exact moment.  That patch may be great on the box sitting three timezones away, but it may break when it gets to me, specifically. 

I tend to be on the trailing edge with Windows Update for that reason.

The blog posting that Microsoft made did say that the service will be available for a fee so their largest customers can manage their server farms with the information that isn’t getting out so widely.

Information leaks, it’s like carrying water in a leaky bucket.  Information will get all over your shoes and water the grass on the way in from the well.

But it does make things a bit less secure since Information is best used when it is widely spread.  It also puts the onus back on the individual or the person in the business who is charged with maintaining them.

Hopefully everyone has their Backups and their Restore Points set, right?

Oops. Caught myself there. It has been a week or three since I have done a proper backup.  Happens to the best of us and the rest of us.

While Manually updating Windows Update is what I personally do, it is a bit annoying and it is something you have to remember to do.  On the other hand, Automatic Updates is a bit like flying in an airplane without a seatbelt.  It is safer to fly than drive, but once in a long time something happens and you hit some turbulence.

It’s all up to you and that is what I think Microsoft is telling us – Security through updates are up to you, after all it is your data and your computer.  Just be aware best practices and of what is going on around you.

New Firefox and Other Browser Update Weirdness

I’m settling in to get some things done and notice a blurb.

There’s going to be a rollout of the next Firefox over the next few weeks.  I pay close attention to that because I use Firefox extensively.  I’d be lost without it. 

I’m so tightly trained to use Firefox that I have to step back and actually “think” how to use any other browser.  Since I use Windows 8.1, Windows 7, Mac OSX Mavericks, and Debian Linux on a daily basis as well as Android and an occasional toe dipped into Apple’s iOS, I have to remain as flexible as possible and Firefox is on all of those computers. 

Except the iPhone but I hardly ever use them.

I will eventually install Firefox on the Windows machines when it tells me that it is available.  I’m not in a rush.  The last time they changed the way it looks, the User Interface or UI, it borked it for me.  I ended up installing things to make it look the way it did before I updated the browser while growling at Firefox in general.  Keystrokes and mouse clicks and all that moved.  They removed the status bar. The bookmark strip got lost, or rather hid, and that stores some of your bookmarks.  They removed the title bar.

Why?  Never heard a reason, but I installed Classic Theme Restorer and it brought it all back.  Immediately after that I installed Adblock Edge to get rid of the blasted adverts and other nasties that hitch a ride onto your computer as a result.  More Privacy means for a faster experience as well as fewer viruses and spyware pushed onto your local computer.  Nobody actually “Likes” ads anyway, we accept their presence and usually are annoyed or distracted by them, but “Like”?  I doubt it.

Rule Number One of Software User Experience (UX) is if you change the way something looks, you will break the way people work.  I learned that back in the days of the Mainframe and College. 

Rule Number Two of Software User Experience is that if you do change it there will be unintended consequences.

In My Case:

I have a computer that has what they call a “Clickpad“.  It’s also running Debian Linux.  I know Linux in general fairly well, but Debian Linux doesn’t manage Clickpads well.  Clickpads are those weird trackpads that are flush with the case.  You click on the pad instead of having normal buttons like every other Synaptic trackpad. 

I do know that is fixed in the next version of Debian, and I do know how to fix it now, but it is an annoyance that I have to deal with.  It basically forgets that it has a physical button in Debian Stable/Wheezy, and you’re stuck with whatever you touch on the trackpad.  I only get a Right Click when I tap.  I have since configured a two fingered tap to be a Left Click.

What that all did change did is to break the way Firefox works.  You see, on that particular computer, I can’t Right Click.  I can’t get the pop up context menu.  They changed the UI right away from it. 

Since that machine is Debian Linux, I have to wait for the next version anyway.  It isn’t even using Firefox, but something rebranded as “IceWeasel“.  To put it short, and sarcastic, Debian had a spat with Firefox over the branding.  Since Firefox/Mozilla doesn’t want anything proprietary at all on their default install, someone in the Debian Project grabbed the source code, recompiled it, created the graphics, and renamed everything to IceWeasel.  It works like Firefox but is Older.  About a version back. 

If you’re running Stable, or Wheezy, you could be quite a few versions back.  Jessie has a more current Firefox, but it also has a lot more annoying bugs in it because it is “Testing”.

But Windows?  Yeah, you’ll get it soon.  Just remember Classic Theme Restorer and Adblock Edge, and you’ll be fine.

As for the Mac?  When it is available, you’ll get a blip on the bottom of the screen telling you you’re ready for an upgrade.  You can also go back to the old theme if you want, but I do recommend Adblock Edge as well.

Why the harping on the ads?  It’s a much faster browsing experience when you surf a page without the ads.  No blinky pictures, crawling things, or text ads.  If you don’t download them, you use less data.  Things pop faster.

Trust me on that one.  You can always turn it off later.

Hit Windows Update Yet This Week?

Oh yes, I will admit it, I am stubborn.

I don’t like people monkeying around with my computers which is why I told my windows computers not to go out and grab the windows update patches automatically.

Mind you, I did tell it to tell me when it wanted my attention and check for critical updates.

Small semantic point, but I prefer to be the person who pulls the trigger, and not the trigger that gets pulled.

However…

If you are like me, today is an excellent day to go to your favorite start button, find your Windows Update link in there or in Control Panel, and do a Windows Update.

They fixed a 19 year old bug that is in every version of Windows including and since Windows 95.

I tend to do my own checks later in the week, on a Thursday, although I have been getting reflexive about just hitting the damn button and doing updates whenever I think about it. 

You know, sometimes when you’re bored and you just want to do something that needs to be done and don’t want to really think about it?  I rearrange the deck chairs on the Titanic my own way, thank you very much!

The reason why I wait a day or two to do it “officially” is simple.  If you have your system go out and grab the updates as soon as they are there, which is typically on the second and fourth Tuesday at 1 PM in the Eastern time Zone or 6pm in London, and you restart your computer, you may have a bigger problem.  Once in a very long while, some of the same patches will break your computer.  It may not start.

So give it a day or three.   They may have to fix their fix after someone else broke it.

I know, eventually a person just has to shrug and say life moves pretty fast. If you don’t stop and look around once in a while, you could miss it. Ferris, do your updates and take your chances.

Today is my turn.  Actually later today is my turn.  I’ve been on Linux for the last two weeks and there’s a very different way of doing things there. I get a little sunburst in my control strip in the upper right and it tells me to go look.

Wait, Bill, How is that different?

It just is.  Now go check Windows Update, just because.

Thanks, Apple, But I Think I’ll Pass on Yosemite

I have computers on Windows, Mac OSX, and Linux.  Various levels and flavors of all of the above actually.

There’s always the question as to when or whether to upgrade them.

Linux is pretty simple – when your distribution changes, give it a week or so and listen to the chatter.  If the chatter is clear, go for it.  I’ve never had a problem here.

Windows.  I have a Windows 7 machine that won’t get upgraded because it’s an old Core 2 Duo machine.  It will either die before Windows 7 does or it will get given away.  Windows 8 became Windows 8.1 as soon as it was offered to me.  Windows 8 was an abortion, Windows 8.1 is manageable.  Just add Classic Shell and it cleaned up almost all of that Modern/Metro hideousness and pushed it aside.  Classic Shell made that ugly block land go away and replaced it with all the desktop land goodness that I need to get things done.  It’s still there, lurking under the hood, but I couldn’t tell you the last time I had to use one of those ugly blocky programs that Microsoft mistakenly thinks I need to slice, dice, and make julienne fries.  Other than network access which the Modern/Metro interface gets in the way massively and then drops you back to a desktop app to actually get the job done to disable and enable things.

I don’t.  ‘Nuff said about that.

Then there’s the Mac.  I always liked the sleekness and the design of them.  Beautiful hardware, a well thought out interface.  When I need to use my Mac, it is almost always a pleasure.  I got the thing, installed Snow Leopard, and it purred.  When the Mavericks upgrade was offered, it was free so why not?  I noticed no real problems there, and since I am a lightweight user of my Mac it’s fine.

I’ve heard reports that Mavericks slowed memory access from the prior version, Lion, but like I said: I’m a lightweight user so I don’t notice.

They put out a new operating system, Yosemite.  Since I knew about the memory speed issue, I thought I’d wait.  Let the experts go after it.

I’m glad I did because there are some privacy issues that made me uncomfortable with things.

Everyone likes having search functions on their computers and generally don’t think twice about how things are done.  What happens is that that information you are looking for is sent back to the program to check its indexes and report back to you when it finds what it thinks is the right answer.

That was all well and good back in the good old days when it was enough just to search this current computer.  Some smart people decided that they’d go out and do a search on the internet to give back more content.   It’s a built in function on the desktop called Spotlight that phones home to Apple and does that search. 

Fair enough if you’re actually doing an internet search.  But why do you need that search to go back to Apple if you’re just looking for a file on “this” computer?  If you are searching for movie information or maps, it’s going to send back your current location, as well as the current device you are on, and anything else that it thinks is pertinent such as language settings and what apps you have used.

To be fair to Apple, you can turn this off, but I have done enough support to know that unless someone turns that sort of thing off for you it won’t get done. 

The flip side to that is that if you have turned it off, location services are one of those things that get rather naggy to have turned off.  Your searches get a helpful prompt asking you to turn on location services and eventually you wear down and just leave them on.

Checking my Android phone, location services is turned on there, and we know that all that sort of thing goes on there with Google.  If you want a smartphone these days, you are either going to have Apple or Google put their hand in your pocket and watch over every move you make that they believe they need to, it’s part of the game.

The idea of having big brother was scary enough when I read 1984, but the reality is that we all now have that big brother in our own pocket and don’t think too much about it.

Nothing to see here, keep moving on.

All this was reported in the Washington Post’s technology blog a while back, and apparently Apple has been taking heat about their decisions to make these changes. 

There is a website called fix-macosx.com that promises to give you information how to take back some privacy and turn off some of Apple’s data collection.

This all is a change of heart since the old days where the Mac was more privacy friendly.  Now, they’re going all in and sucking down all this info while you happily go along with it.  Since Apple is notoriously tight lipped about what they do internally, I suspect that it will be a long time before we find out just exactly what they’re doing with all that data.

No thanks, I’ll pass.