Lost ability to delete Flash cookies

[Darts]

Hi.

 

I lost the "Adobe Flash Player" function in "Applications\Multimedia" section. That feature is flat out missing.

I suspect this happened when I uninstalled the Internet Explorer/ActiveX version of the Flash program. If that's the case, that should not have disappeared as I have Flash installed in Firefox. Any idea on what happened?

 

CCleaner version: 2.32.1165

[Jamin4u]

Hi Darts, and welcome to the forum.

 

I think it's under Firefox as a plugin.

[Darts]

Hi Jamin4u! Thanks.

 

I'm sorry, it's not under Firefox-Plugin. Under Firefox I have Cookies, Download History, Internet Cache, Internet History, Saved Form Information and Compact Databases.

[Jamin4u]

If you can use Flash Player with Firefox, then you must have it installed.

 

Many people here use Firefox so check back for more detailed help.

[Alan_B]

I'm sorry, it's not under Firefox-Plugin.

 

You are right - and you are also wrong ! ! !

 

It is now, for me, a Firefox-Plugin.

Before I went through exceptional objectionable hassle by Adobe, it was NOT a plug-in.

 

Reasons to hate Adobe:-

 

Flash is always ridden with malware vulnerabilities, and needs to be kept up to date. I hate it.

 

I have just gone through the update aggravation again, and it was far worse than previously.

 

I could no longer download and install.

(I have since been told there are hidden links buried away that still permit that).

Instead I was subjected to an apparent Malware attack by Adobe.

They offered me a button to click and install Flash whilst on-line

(I feel much safer and in control of my own destiny when I can do it off-line)

I clicked to install Flash and instead they started a new unexpected download of G*!$* DLM or some such rubbish which I aborted.

I looked in their FAQ's etc. and found that their new junk has a known security vulnerability that they had not yet fixed.

Don't you hate Adobe too ! !

I have been experimenting and will undo accidental damage by restoring a partition image made before experiments, so decided that my BOOT CD will restore that image regardless of Adobe harm.

I therefore allowed Adobe to do its worst to me, and was not disappointed ! !

Firstly they download their download manager for absolutely no reason;

Secondly they demanded that I shut-down Firefox so they could install their bag of rubbish.

Then their G*!$* DLM kicked into life and downloaded the wrong Flash

Then they demanded yet another Firefox restart so they could install the Flash Plug-in.

After that I un-installed the uninvited and unwanted extension G*!$* DLM.

I have now got Shockwave Flash Plugin - previously it was NOT the shockwave flavour nor was it a Plugin.

 

I have decided that for my safety, when I restore the pre-experiment image I will purge all FLASH,

and look forward to HTML5 filling the gap.

 

Alan

[Darts]

I know Flash is considered a plugin in regards to Firefox. My question is, why did I lose my ability to delete Flash cookies via CCleaner. I can delete Flash cookies via Adobe's site, but I can't via CCleaner.

[Aethec]

Probably because CCleaner uses the ActiveX control to check if Flash is installed. So...we'll have to wait until Piriform adds detection to the NPAPI (aka non-IE plugins) one:)

[Andavari]

The cleaner I made will detect the Non-Internet Explorer installation of Flash. It looks for the file NPSWF32.dll which is exactly what Firefox references but doesn't state the path when typing into Firefox's address bar:

about:plugins

 

I don't know if this works with Opera since in the past it stored the Flash plugin in it's own program folder. I also don't know if it will work with Chrome/Chromium based browsers, etc., it works with Firefox though.

 

 

This is the cleaner I made *Adobe Flash Player (Non-IE), requires winapp2.ini to work:

[*Adobe Flash Player (Non-IE)]
LangSecRef=3023
DetectFile=%windir%\system32\Macromed\Flash\NPSWF32.dll
Default=False
FileKey1=%appdata%\Adobe\Flash Player|*.*|RECURSE
FileKey2=%appdata%\Macromedia\Flash Player|*.*|RECURSE

 

Note that it has to be ticked to be activated in order to clean. It will be listed in the following CCleaner area:

Cleaner -> Applications -> Multimedia

[w33d3r]

The cleaner I made will detect the Non-Internet Explorer installation of Flash. It looks for the file NPSWF32.dll which is exactly what Firefox references but doesn't state the path when typing into Firefox's address bar:

about:plugins

 

I don't know if this works with Opera since in the past it stored the Flash plugin in it's own program folder. I also don't know if it will work with Chrome/Chromium based browsers, etc., it works with Firefox though.

 

 

This is the cleaner I made *Adobe Flash Player (Non-IE), requires winapp2.ini to work:

[*Adobe Flash Player (Non-IE)]
LangSecRef=3023
DetectFile=%windir%\system32\Macromed\Flash\NPSWF32.dll
Default=False
FileKey1=%appdata%\Adobe\Flash Player|*.*|RECURSE
FileKey2=%appdata%\Macromedia\Flash Player|*.*|RECURSE

 

Note that it has to be ticked to be activated in order to clean. It will be listed in the following CCleaner area:

Cleaner -> Applications -> Multimedia

 

Or....

 

Dont let flash player have the ability to save to its destinations in the first place, no matter what browser you are using....

 

<https://nodpi.org/forum/index.php/topic,1969.0.html>

 

Its a batch file you have to run as administrator once for each user - Forget about flash cookies after that

[Aethec]

Yes, but forgetting about Flash cookies also means no saved games in Flash games

[Darts]

I'll try some of the suggestions. I do play a few Flash games, mostly from MiniClip, so I don't think I want to totally block Flash cookies.

 

The thing that confuses me the most is, since I removed IE-Flash I cannot delete them via CCleaner; however, the Flash cookies it detected beforehand were all from using Firefox, not IE. I realise they are stored locally, but still...

[w33d3r]

Yes, but forgetting about Flash cookies also means no saved games in Flash games

 

Yes you are right, games like Brain buddies on facebook, broken because of the reliance on LSO's which anyone conscious of their privacy is not going to allow. Its a shame, but thats what flash is about, free stuff in exchange for tracking everything you do. Advertising/marketing is the value of flash

 

Newer versions of flash are getting more efficient at its ability to track you, the LSO settings only adjustable on adobes website is completely ignored if you are using private modes of browsing in the newer versions of browsers, when flash detects you are in-private, incognito etc it uses ram as a temporary storage and also increases the amount it can store to make up for the fact that it now has to respect your privacy mode and so attempts to grab more info about you in a shorter time.... the LSO settings are disregarded in those modes.

Flash also has realtime high speed communications with its behaviour tracking partners (all the time you are choosing subjects on youtube interested digital eyes are recording your choices, your personality, the likelyhood of your future choices as a picture of you is collated), and can utilise what adobe/omniture calls a clickmap, which can see where you're mouse is hovering, how long it stays there, what you click on... etc

Flash is also no longer dependant on javascript (though that still can be used), flashes actionscript now integrates with actionsource to provide functions totally transparent to the user.

 

Flash is getting sneakier, the worst thing is its installed in just about everyones computers because most websites use it. You cant browse for ten minutes without flash installed before something is bugging you to install it. I am looking forward to html5 but I do hope we have total control on the domain storage features on the computers we own.

 

Personally if its so privacy invasive that to restrict its abilities breaks it, then I dont want it. I object to the 'market penetration' of flash because it makes anyone with tighter privacy settings/habits feel bullied into installing software just to be part of the crowd and stay current.

 

The BBC recently is using flash for news clips, at the moment it will not work unless you allow LSO's to be set. Since this was found out the BBC have made the excuse on a blog that it is a transitional stage while they upgrade to the newer methods of flash. If nobody had noticed they would have left it as is no doubt.

For UK users who are forced by law to pay a license because of the BBC, we should be able to view anything BBC without any fees nor have to agree to any usage/privacy policies related to advertising and marketing. Infuriating.

[Aethec]

Aren't you a little paranoid ?

[w33d3r]

Nope, I just refuse to be cattle for big co's offering shiny sweeties with a hidden agenda they obfuscate. Hence the reason for development of such wonderful utilities as CCleaner, which is very good at weeding and cleaning out history, isn't that why we are here?

[Aethec]

Alright, let me put it with other words : LSOs will not do anything harmful unless the webmaster wants to. I doubt the BBC would spy its users

[Alan_B]

I am in full agreement with w33d3r.

 

My son published family photos on Photobox, and I has happy to view them on the Internet.

Suddenly I discovered a new arrival on my system,

a 130 KByte LSO secretly dumped when I looked at a photobox family album.

It was dumped on me in secret - they must have something about it that needs to be hidden

Its contents are obfuscated - they must have something about it that needs to be hidden

 

It is POSSIBLE that Photobox meant no harm and that the LSO only held helpful stuff,

e.g. references to each photo in the album to speed up processing of any print order I might place,

BUT there is also the possibility that if I do order then my credit card number would get in the LSO,

and anything in the LSO can be read by the site that planted it,

but I assume any other site I visit could also have the technical ability to access that data.

 

The Photobox Technical Help were unable to tell me anything about their LSO.

If they do not trust me with their secrets, why should I let them have a rummage through my secrets ?

Trust is a two way street.

 

Adobe is a never ending source of "vulnerabilities" that need continuous patching.

Why should I assume that Adobe LSO will not leak all my medical/financial history on every site I visit.

The Trojans should have looked inside the wooden horse - they could have set it on fire.

I refuse to make the mistake of trusting that any LSO contains stuff to do me good ! !

 

I am cautious about the sites I visit, and feel reasonably well protected by Comodo.

But Comodo cannot distinguish between a good webmaster and a bad webmaster.

Personally I see no reason to trust any unknown webmaster with secrets an LSO will give him,

and WHY only the Webmaster - surely anyone in a technical support capacity is also privy to those secrets.

In fact those secrets could be stolen by anyone with any sort of access to the web-site.

 

On a news item a few days ago about Identity theft, there was reference to an American victim.

She went to prison for default on loans and debts raised in her name by a desk clerk at a rental company.

You might trust the well paid chief executive of "Rent-me-a-Car",

but would you be comfortable with a desk clerk at one of his outlets taking a copy of your licence, birth certificate, and Credit Card number ?

Would you still be comfortable if you see that when a car is returned the initial copy was retrieved from a file and dumped in a waste bin, ready to be taken with the garbage unless a scavenger or the wind gets to it first ?

 

I am not paranoid.

I never Wipe Free Space or bother the shred/over-write files.

BUT I do not store my credit card numbers or banking passwords on the P.C.

and I intend to protect any data that would assist theft of my identity.

One LSO is able to steal the identity of myself and the whole family.

 

The last time my P.C. had malware was nearly 20 years ago, when every week there was a new incident because by son brought home from school every day a 5.25" floppy disc with yet another fantastic game. Fortunately re-installing DOS 3.?? was much simpler than re-installing and re-activating Windows.

I have NOT kept my computer clean by assuming that everyone in the world is nice.

 

Incidentally, why would anyone trust the BBC.

 

If they can find dirt they will publish it.

 

When the Falklands were invaded, our Navy was at war.

 

I vaguely recall that our ships survived direct strikes because the bombs did not detonate.

The BBC chose to publish the fact,

and as a result the enemy realised they were delivered at the wrong height/speed.

The enemy fixed their mistake which the BBC had informed them off.

The BBC sold us out to the enemy.

 

I think of the BBC as being run by left wing loonies,

and suspect that if their LSO fed back data it might be of interest to them.

If that data indicated you were a right wing politician with a mistress / mafia links / drug habits,

they could possibly have a special denouncement program just before the next election.

 

The BBC had high standards originally,

but that is all behind it now.

 

Alan

[Aethec]

If you don't want LSOs, disable cookies, too. It's exactly the same thing. An LSO cannot do anything itself ; it's just a file, and the site that created it (and only the one that created it - www.example.com can't read www.example2.com's LSOs) can write in it or read it.

If the Photobox webmaster wanted to take your credit card number (I don't know anything about Photobox - I assume there is some kind of paid accounts ?), he could do so by lots of ways - cookies, LSOs, javascript, ...

[Alan_B]

If you don't want LSOs, disable cookies, too. It's exactly the same thing. An LSO cannot do anything itself ; it's just a file, and the site that created it (and only the one that created it - www.example.com can't read www.example2.com's LSOs) can write in it or read it.

If the Photobox webmaster wanted to take your credit card number (I don't know anything about Photobox - I assume there is some kind of paid accounts ?), he could do so by lots of ways - cookies, LSOs, javascript, ...

 

Sorry but I do not consider your assurances to be acceptable.

 

Officially an LSO may be non-executable data - but what prevents data from hacking my system.

30 years ago I was designing real time embedded software computers to protect against fire and intruders.

They communicated with messages that COMMENCED with a byte count,

and the receiver ensured sufficient buffer space and then validated the length and checksum of the message before making use of the data. Anything wrong and the message was ignored and the sender had to re-send.

I was horrified when I first heard that P.C.s were being hacked through "buffer overflow exploits".

I do not understand why this incompetence persists after so many decades.

The Adobe track record suggests they are no better than M.S.

No one expected Buffer Overflow attacks to plant malware for Windows to execute.

Just because we do not expect a similarly devious attack via an LSO means our defences are wide open,

and tomorrow could be the day ! !

 

It is possible you may be correct TODAY but :-

1. LSO'S are always evolving and overcoming our defences, tomorrow they will take over and destroy us;

2. Even today if cookies are blocked via Adobe's website, that is ignored in private browsing mode.

Here I quote w33d3r above who said

"Newer versions of flash are getting more efficient at its ability to track you, the LSO settings only adjustable on adobes website is completely ignored if you are using private modes of browsing in the newer versions of browsers".

 

Question and Answer on http://www.cookiecentral.com/n_cookie_faq.htm#read_other

Q. Can malicious sites read cookie information used by another site?

A. Cookies are designed to be read only by the site that provides them, not by other sites.

So of course www.example.com SHOULD NOT read www.example2.com's LSOs.

 

I HAVE A SUPPLEMENTARY QUESTION,

IF ADOBE is such an excellent company that always succeeds with its implementations of design intentions,

how come Secunia and others are always warning us to update Adobe Reader(Adobe Writer/Adobe Whatever).

 

Warning from M.S. http://msdn.microsoft.com/en-us/library/bd70eh18.aspx

The browser can send the data back only to the server that originally created the cookie. However, malicious users can access cookies and read their contents. Do not store sensitive information in a cookie, such as a user name or password. Instead, store a token that you can use to look up the sensitive information on the server. Additionally, cookies can be tampered with, so any data in cookie should be treated with the same measures you use to prevent cross site scripting attacks.

 

Adobe NEVER get their software right.

They always have vulnerabilities that are eventually discovered and exploited,

and then we have to un-install the old and decide whether to risk the same aggravation with an "upgrade".

That is always a concern with Adobe Reader etc, the location of which is easily found.

 

The innocent naive user is unlikely to know that he has an infestation of Adobe LSO's.

Even if he is warned that last year's crop have known and exploited vulnerabilities,

how will he seek and destroy these "old" security holes when Adobe allows them to be hidden in unexpected places.

 

The first LSO that contaminated my system was detected when I compared C:\ with R:\ and looked at the new arrivals.

C:\ is my system drive, and R:\ is a copy of C:\ when I know the system is clean and free from all malware, rubbish, and any experimental downloads I may have forgotten to delete.

I doubt that many naive users would know when they get LSO contamination.

 

You know nothing about Photobox, neither do I, NEITHER DOES PHOTOBOX.

Their technical support did not even know that they had started to pollute everyone with LSO's,

and they had no clue about what data they may be scattering across the Internet.

 

Originally I only looked at the photo's on Photobox. I was happy.

Then my wife decided she that she wanted some printed on glossy paper and posted to us,

so I broke habits of a lifetime and bought on the Internet with a credit card.

I had no fear that the Photobox Webmaster would steal my Credit Card Number.

 

I remain confident that there are "Operating Procedures" in place to ensure compliance with legislation concerning protection of customers credit card information.

I would hope that any file with critical credit card data is encrypted and held far more securely than my order preference (e.g. bordered/borderless prints, first class/second class postage etc.)

There should be (and hopefully is) access control restricting who can access this information, and logging all blocked attempts by people that have no business trying to view the data.

It is possible that rules could be broken and there might be a print-out that misses the shredder and falls in the waste bin, and the night-shift cleaning lady might retrieve the printout and use my credit card number.

I am not worried because a lot of things would have to go wrong, and VERY FEW PEOPLE would see that data,

and the worst that the cleaning lady could do is run up a shopping bill and the Credit Card company would "take the hit" - it would not be my loss.

 

Then Photobox "improved customer experience" by adding LSO's.

Immediate and repeatably consistent results :-

Unable to select a few photos from an album until the entire album was pulled into Firefox memory,

Windows ran out of memory and and shut-down firefox.

Launching Task Manager and retrying I observed that Firefox started with less than 100 MB in use,

and it steadily increased to about 1300 MB before Windows had no more to give it.

After this disaster I found Photobox had given me what turned out to be my first Adobe LSO "hickey".

 

That browsing session learnt very little from me apart from my user name and password and the album I selected to view, but it still learnt enough about me to plant on me a 130,000 byte sized hickey.

Imagine how much more of my disc space would have been gobbled up had it not destroyed Firefox.

 

I still hope that the Photobox webmaster is a good guy.

I have a very definite fear that any of the LSO data which Photobox receive will NOT be protected to the same degree as my purchase order with Credit Card Number.

Due to lack of protection the night-shift cleaning lady is more likely to find LSO data printed and discarded,

but it will still be the Credit Card company that takes the hit, and the cleaning lady is unlikely to have the ability to use this number for identity theft and the creation of new accounts in my name.

BUT A SECOND CLASS HACKER IS ANOTHER MATTER. He may not have the skill to penetrate the Credit Card file,

but he may get into the LSO data file, and either he or his contacts would be able to progress from there into theft of my identity and creation of new accounts and debts in my name.

 

THE DEFINITE VULNERABILITIES FROM ADOBE HICKEYS :-

Photobox Technical support were not aware that they had started to use them,

It is practically certain that Photobox do not protect LSO data as well as Credit Card data,

so a second rate hacker that cannot penetrate the official customer account details may still get at the LSO,

and thus get the credit card number from a place which Photobox did not realise was in need of protection.

I criticise Photobox because they planted the only hickey on my machine.

I have the same strong feelings about ANY web-site that plants hickeys on unsuspecting visitors.

 

I NEVER ALLOW MY BROWSER TO LEARN MY CREDIT CARD NUMBER,

AND IT IS UTTERLY REPUGNANT TO ME THAT ADOBE HICKEYS WILL NOW HARBOUR MY NUMBER,

AND REVEAL MY NUMBER TO ANY MALICIOUS SITE - AND EVEN INNOCENT SITES SUBJECT TO "cross site scripting attacks."

 

Alan