4 Replies Latest reply on Mar 4, 2008 8:29 AM by Oliver Goldman

    AIR security issue??

      Has anyone find out AIR's file system could easily delete dll file in C:/WINDOWS/?
      This is a security issue that is one of my friend found out.
      Any explanation? Thanks first!
        • 1. Re: AIR security issue??
          Oliver Goldman Adobe Employee
          This is not a vulnerability, but rather by design. AIR applications are desktop applications, and like any desktop application they have access to system files, such as those found in c:\windows.

          Users are protected from desktop applications not because the applications can't access the filesystem but because the applications have to be _installed_ before they are run. Contrast this to web applications, which can be run without being installed but have greatly restricted access to the system.

          AIR has a carefully vetted installation process for applications, designed to help users make good decisions about which applications they trust. Users should never install applications that they do not trust.

          Oliver Goldman | Adobe AIR Engineering

          • 2. Re: AIR security issue??
            erinhome Level 1
            Got it!!
            Thk for reply. =P
            • 3. Re: AIR security issue??
              Fernando Bergamaschi Level 1
              Sorry for my ignorance. Air is not a file like pdf or flash but a program you have to install to see it. What is the risk of getting an Air file the will destroy all your programs? I suppose this can be more like a super virus. This security risk will not compromise the Air use and future?
              regards and thanks.
              Fernando Bergamaschi - Photoindustrial - DesigndeImagem
              • 4. Re: AIR security issue??
                Oliver Goldman Adobe Employee
                The risk of installing an AIR file that destroys your computer is about the same as installing any desktop application that destroys your computer. It's arguably a bit less because AIR does a more thorough job of establishing the identity of the application's publisher.

                In any case, this risk has proven small enough--and desktop applications useful enough--that desktop applications remain in heavy use. I expect the same will be true of AIR.

                Oliver Goldman | Adobe AIR Engineering