4 Replies Latest reply on Apr 11, 2014 11:36 AM by Mike M

    How do we verify/validate that a Flash player update is legitimate?

    RKF

      Is there a method for ensuring that one down;oads and installs only legitimate Flash Player updates?  For that matter, any Adobe update?

        • 1. Re: How do we verify/validate that a Flash player update is legitimate?
          pwillener Level 8

          Automatic updates will download from the adobe.com site; it's always legitimate.

           

          Pop-up notifications that redirect you anywhere else than an adobe.com (or macromedia.com) site are not legit.

           

          I personally always download updates manually on the day they become available:

          • 2. Re: How do we verify/validate that a Flash player update is legitimate?
            Mike M Level 6

            RKF wrote:

             

            Is there a method for ensuring that one down;oads and installs only legitimate Flash Player updates?  For that matter, any Adobe update?

            I believe it's called "discretion".

             

            If you don't trust it... don't download it... period.

            • 3. Re: How do we verify/validate that a Flash player update is legitimate?
              RKF Level 1

              That is not an answer.   What characteristics/attributes would one look for

              to acquire said trust?

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

              Robert K. Ferguson CISM, CISSP, CCSK, IAM, MSIA

              Senior Information Assurance Consultant

              7383 Rodeo Court, Annandale VA  22003

              H: 703.354.8205 M: 703.946.6082

              • 4. Re: How do we verify/validate that a Flash player update is legitimate?
                Mike M Level 6

                RKF wrote:

                 

                What characteristics/attributes would one look form to acquire said trust?

                That's a loaded question simply because of the most obvious answer, which would be "Look for the Adobe® logo".

                Problem is: there are THOUSANDS of fake sites and even more fake download "popups" with illegally used Adobe® logos in them.

                You'll see legitimate "notifications" on booting up if there's an update available. The Adobe Application Manager and Adobe Updater use system date & time to notify you when an update is available. Reader and Flash Player have "scheduled" update implimentation coded into the install. These update notifications will happen when you're not online, and will appear on your desktop with a "charcoal & red" themed window, and in the case of Reader, a system tray icon as well.

                 

                ANY legitimate online Flash Player update notification will appear in lieu of Flash content in a reputable site (YouTube, CNN, etc.) and will contain a "hoverable" link that will show in your browser's status bar as "http://get.adobe.com/flashplayer/".  ANY link that points anywhere other than that should not be trusted... at all, even if it has "adobe" in the url. Many fakes will add those five letters to their fake download url to fool people. They'll also use words like "WARNING" and "BEWARE" which Adobe doesn't use.

                 

                Adobe.jpg

                A legitimate update doesn't need to, and WON'T, "scare you into downloading it".  They also offer things like "Flash Player Pro" (which doesn't exist), or a version number that hasn't been released yet. A simple right click on ANY flash content will pop up a menu and "About Flash Player" in that menu will tell you what version you're currently running.

                3.jpg

                If you see something that doesn't look right, like "13.3.1.182" available, when you have a current version that's 13.0.0.182... don't trust it. Flash Player doesn't jump that far that fast.

                 

                That's why I say discretion is best.  I know several people who will click on a link just because it pops up. A few of them are clients and it's gotten to the point that I no longer feel bad about charging them $80 for 10 minutes time to clean up a mess they've made because I've warned them repeatedly NOT TO CLICK things when they don't know what they are or where they came from or where they lead.  I/T managers have to lock systems down to keep employees from doing that or they'd be fixing their systems 24/7. Not so easy with personal computers, especially if kids use them.