F-22s arrive at Langely

But if it's on my computer, it can theoretically
be run, with or without a browser.

True, but not a significant problem, IMHO. You can have a folder full
of viruses too, but unless they are =run=, there's no harm.

The problem isn't that [flash is] on the computer, but that it =runs=
when you hit a web site that wants it. Renaming the files or using a
different (flash-disabled) browser addresses that problem.

People should be using [html], not some third-party media tool.

Agreed, for the most part.

Jose
--
"Never trust anything that can think for itself, if you can't see where
it keeps its brain." (chapter 10 of book 3 - Harry Potter).
for Email, make the obvious change in the address.

"Jose" wrote in message
. ..
But if it's on my computer, it can theoretically
be run, with or without a browser.

True, but not a significant problem, IMHO. You can have a folder full of
viruses too, but unless they are =run=, there's no harm.

The problem isn't that [flash is] on the computer, but that it =runs= when
you hit a web site that wants it. Renaming the files or using a different
(flash-disabled) browser addresses that problem.

If the program is on the computer, it can be run.

As an example, let's suppose there's no privilege escalation vulnerability
known in Windows, but one exists (known or unknown) in Flash. But there
*is* an code execution vulnerability in Windows somewhere. Having Flash
allows code to get at the escalation vulnerability even if it's not directly
runnable while browsing.

Now, I would agree that the likelihood of a privilege escalation
vulnerability in Flash is pretty low, maybe even impossible. But that's not
to say that there can't be worse vulnerabilities in Flash than in more
mundane, more commonly used Windows components. Simply having Flash on the
computer exposes one to those vulnerabilities...if *any* code execution
vulnerability exists, then it doesn't matter whether Flash is enabled in the
browser or not. It can be run by hostile code.

Pete

If the program is on the computer, it can be run...

This is true. This is why a real virus should be =removed= from the
computer, and not simply allowed to reside peacefully. Flash however is
not in that category. It is merely an incredible irritant, which can
(at present) be programmed to turn on the microphone, and (in the
future) be programmed to do other things, which may or may not be
nefarious. Flash's primary sin is that it cannot be disabled in the
browser, like animation and other scripts. =Because= of this (I
speculate) advertisers like it, and =because= of that, the "this" will
never be changed. (Flash is free to vict... er, "users", but costs
money to programmers).

The lack of a disable switch is a deliberate choice which in my opinion
casts the evil eye on it.

Jose
--
"Never trust anything that can think for itself, if you can't see where
it keeps its brain." (chapter 10 of book 3 - Harry Potter).
for Email, make the obvious change in the address.

Peter Duniho wrote:
Simply having Flash on the computer exposes one
to those vulnerabilities...if *any* code execution
vulnerability exists, then it doesn't matter whether
Flash is enabled in the browser or not. It can be
run by hostile code.

On a previous Navy contract that I was on, we were not even allowed to
have Flash loaded on any machine that was on the network.... Since then,
I have ensured that no machine on my home network has it either...