Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2

Author Topic: Chrome will block Flash Adverts from 1st Sept (From SANS)  (Read 6913 times)

AArdvark

  • Kitizen
  • ****
  • Posts: 1008
Chrome will block Flash Adverts from 1st Sept (From SANS)
« on: August 29, 2015, 02:50:08 AM »

 --Chrome Will Block Flash Advertisements
(August 28, 2015)
As of September 1, 2015, Google's Chrome browser will freeze
"non-essential" Flash advertisements by default. The ads will play only
if users click on the "Run This Plugin" button that will appear with the
ad. "Essential" Flash content, including embedded video players, will
be permitted to run automatically.
http://www.theregister.co.uk/2015/08/28/google_says_flash_ads_out_september/
[Editor's Note (Pescatore): Adobe had a decade to try to make Flash
secure, didn't. In any event, hard to think of any animated
advertisement I would miss if it went away.
(Murray): Opt-in is the right default.  That said, our tolerance for
Flash is a measure of our tolerance for risk.  By that measure we are
not very serious.  Flash is "historically broken," not getting better,
a weak point in the browser, the desktop, ubiquitous, persistent, and
ultimately a risk to the infrastructure.]
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10509
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #1 on: August 29, 2015, 02:53:58 AM »

One nice thing about using an iOS device then, Flash can go and get stuffed.
Logged

AArdvark

  • Kitizen
  • ****
  • Posts: 1008
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #2 on: August 29, 2015, 02:56:38 AM »

The stupid thing is it is very easy to block Flash so you can choose when to run it.
This works in Firefox & Chrome.

People just do not configure their browsers correctly.

:)
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10509
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #3 on: August 29, 2015, 03:05:34 AM »

I wonder how to selectively block it in IE. IE is exceptionally configurable and of course can be administered by group policy which can lock down settings. that's one reason why I have mandated the use of IE only, and other browsers are restricted to very savvy users or have to live in VMs.
Logged

AArdvark

  • Kitizen
  • ****
  • Posts: 1008
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #4 on: August 29, 2015, 03:30:24 AM »

@Weaver

How would you want the Flash addon to run ?

Do you have specific websites that you want to allow?
Do you have a defined rule you want to follow?

Just trying to understand what you want as there is some configurability available in IE but not as easily set up as Firefox & Chrome.

Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10509
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #5 on: August 29, 2015, 05:16:21 AM »

Its too long since I used IE or Windows, but control over Flash would have to be per-zone, using the IE security zones model, I think. It's the only place where URL-specific conditions can be set, afaik.

Nowadays, I would probably just remove Flash altogether, and maybe put it inside a VM instead, if someone absolutely has to have it.
Logged

AArdvark

  • Kitizen
  • ****
  • Posts: 1008
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #6 on: August 29, 2015, 05:30:15 AM »

@Weaver

You can specify in the activex add-on itself the url's that are allowed to run Flash. See below:

Defaults to * for all websites but can be changed. (Delete the * and it equals no website can run Flash.)

Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10509
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #7 on: August 29, 2015, 11:34:56 AM »

@Aardvark  - thank you so much for that. I'm not the only sysadmin that will find that tip useful. It's a long time, too long, since I looked at this.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6727
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #8 on: August 29, 2015, 11:58:54 PM »

I wonder how to selectively block it in IE. IE is exceptionally configurable and of course can be administered by group policy which can lock down settings. that's one reason why I have mandated the use of IE only, and other browsers are restricted to very savvy users or have to live in VMs.

you dont even need to do that.

goto the addons configuration in IE, double click flash and you will see a default whitelist of *, remove it.  Thats it.  --edit-- aardvark I see posted a pic of how to do it --

Now it will be blocked by default and you will get a prompt to whitelist on a site if you want to when viewing a site.

The things I use that still use flash are.

1 - TBB speedtest.
2 - Twitch
3 - speedtest.net
4 - nbc sports
5 - bbc news
6 - random sites that seem to have flash embedded in their code as I occasionally get asked if I want to allow flash code to run, even on non multimedia sites. (note i never allow it on these sites and they dont break).

Apparently on phones etc. bbc uses html5 tho, so seems they too lazy to update their desktop content. TBB has a html5 tester but isnt rolled out to members, mrsaffron seems very slow at code changes.
« Last Edit: August 30, 2015, 12:50:54 PM by Chrysalis »
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

AArdvark

  • Kitizen
  • ****
  • Posts: 1008
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #9 on: August 30, 2015, 12:02:21 AM »

@Chrysalis

Is that a temporary whitelist just for that session?

Don't use IE at all, just know enough to use it if I must. :)
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6727
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #10 on: August 30, 2015, 12:04:24 AM »

no it gets listed in that box you did a picture off so saved between sessions.

Sadly if you want to remove an entry you can only do so by wiping the entire whitelist, although it may be possible to remove just one entry in the registry.
Also I recommend doing the same for java and silverlight if they installed.

By the way I configure my IE so it runs like scriptsafe on chrome, or noscript on firefox.

1 - change the default zone to match restricted zone settings.  Or at least block javascript and web fonts.
2 - change the trusted zone to the normal default internet zone settings.

Now by default javascript is blocked when browsing, sites like google can add to trusted zone.

One way of an easy temp allow in IE is to keep the activex filtering option enabled by default (will block flash etc.), then on the occasions you want it, untick it.
« Last Edit: August 30, 2015, 12:09:45 AM by Chrysalis »
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

AArdvark

  • Kitizen
  • ****
  • Posts: 1008
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #11 on: August 30, 2015, 12:13:33 AM »

no it gets listed in that box you did a picture off so saved between sessions.

Sadly if you want to remove an entry you can only do so by wiping the entire whitelist, although it may be possible to remove just one entry in the registry.
Also I recommend doing the same for java and silverlight if they installed.

Still justifies my Firefox preference then  :D
Dumb to not allow a list to be edited after you allow it to be added to  ???
Try not to use Java & Silverlight and lock them down rather than give them any extra permissions, if I need to use them.
I live with a few extra prompts/pop-up questions but it ensures that when I browse I know what is/is not being loaded.  :D :D
Firefox + Adblock Plus + NoScript at a minimum is my preference. (I know Firefox can be memory hungry but that is acceptable to me. I have lots of memory)
Logged

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 34873
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #12 on: August 30, 2015, 12:43:22 AM »

Firefox + Adblock Plus + NoScript at a minimum is my preference.

Firefox + Adblock Plus + Flashblock + Ghostery is my recipe.  :)
« Last Edit: August 30, 2015, 12:46:59 AM by burakkucat »
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10509
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #13 on: August 30, 2015, 12:49:00 AM »

I remain an informed and very experienced IE fan, having looked at every other web browser under the sun. I do like Opera though, but IE's security (split privilege and security zones) and configurability wins out over everything else. I couldn't let my users use something that can't be completely locked down and made tamperproof. I always run the 64-bit version of IE, which is not the default in Win7/Vista, as it's even more secure because malware would need to be 64 bit and I'm not sure that miscreants can be bothered to write x64 code although maybe someone could enlighten me on this?

I also use SRP and group policy heavily, and no users including me ever run as admins.

It's no good scorning me or trolling me because I thought about this for 20 years. :-)  :P
« Last Edit: August 30, 2015, 12:52:58 AM by Weaver »
Logged

loonylion

  • Reg Member
  • ***
  • Posts: 723
Re: Chrome will block Flash Adverts from 1st Sept (From SANS)
« Reply #14 on: August 30, 2015, 12:50:19 AM »

I'm now almost at 2 years with neither flash nor java installed, it hasn't been a major inconvenience.
Logged
Pages: [1] 2