Securing Adobe Flash Player
Adobe Flash Player can be used for accessing web cameras and microphones connected to your computer, store cookies, supercookies and data on your computer's hard drive, and even upload content to other users. Therefore it is important to set Adobe Flash Player settings to safest possible - you probably know that critical security bugs are patched in it every month.
Adobe Flash Player ActiveX add-on is built into Internet Explorer 10 and 11 in Windows 8 and 8.1, and it is updated via Windows Update. You can configure its setting using the Flash Player applet in Control Panel described in this very tutorial.
Google Chrome and many other Chromium based browsers have a special "pepper" (PPAPI) version of Flash Player and its settings can be changed only at this Macromedia web page. Despite looking quite a bit different, its settings are pretty much the same as described in this tutorial.
Since version 17, Flash Player's Control Panel applet warns on the bottom of each tab that the settings are not applicable to Google Chrome and Chromium based browsers.
First, please make sure you are running the latest version of Adobe Flash Player by visiting Browser and Plug-in Check page. This is your first step towards better Flash security and privacy.
Please clear all check boxes in the Optional offers section before downloading Adobe Flash Player installer: you do not need to install the additional software. Only then click the Install now button.
To add a free protection layer from even unpatched security bugs, please read the Microsoft EMET article.
An easier-to-use (but not so powerful) alternative is Malwarebytes Anti-Exploit Free. Please see its tutorial on my other site, www.winhelp.info.
To manage Adobe Flash Player settings in Windows 8 and 8.1, use keyboard shortcut Windows Key+W to open Settings Search. Type "flash" into Search box and click Flash Player.
In Windows XP, Vista and 7, click Control Panel on the right side of Start menu.
In Windows Vista and 7 Control Panel, it is best to type "flash" into Search box on top right to quickly locate the Adobe Flash Player applet. You can also use Category View to locate it.
Then click Flash Player or Flash Player (32-bit).
In Windows XP, you must switch Control Panel to Classic View first. Do this by clicking the Switch to Classic View link on the left. Then locate and double-click Flash Player.
Flash Player Settings Manager opens in Storage tab. This is the tab related to Flash cookies and data that many companies (mis)use for tracking users' behavior online. While not all Flash cookies are sneaky, it is best to keep these away. Do this by clicking Block all sites from storing information on this computer.
Please note that this might affect a few online games or video sites - game progresses are not saved or videos do not play (YouTube and other major video sites are not affected by the setting).
A warning window about deleting all stored Flash cookies and data appears. Click OK.
You might have to repeat this step if this is the first time you're configuring Flash Player: if the Local Storage Settings jumps back to some other option, choose the Block all sites from storing information on this computer option again. It will be stored this time.
In case you do experience bad trouble on some Flash-based sites (luckily, there are not many left these days), you might want to use the Ask me before allowing new sites to save information on this computer option instead, and then click the Local Storage Settings by Site button to allow the troublesome site(s) to store data.
In the Local Storage Settings by Site window, click Add only if the site you need to allow is not in the list of websites. Otherwise, just click on the site name, choose Allow from the drop-down box and click Close.
In the Add Local Storage Setting by Site window, type Website Domain name without http:// or https:// - for example, startpage.com or games.flashsite.com.
Then select Allow from the When the site wants to use local storage combo box. Finally, click Add, and then click Close in the previous window.
You can customize options by site exactly the same way on other Flash Player Settings Manager tabs, too.
If you want to erase all Flash cookies and data, or you did not see the Disable Local Storage warning message after blocking all sites from storing Flash stuff, click the Delete All... button on Storage tab.
Please note that this will also revert all Flash Player settings to their defaults. Well, we're only on the very first tab, anyway...
Delete All Site Data in Flash Player window opens with the first option, Delete All Site Data and Settings, selected by default.
If you are selling or recycling your current computer, it is recommended to select the Delete All Audio and Video License Files option, too. You need to close all open browser windows to use this option.
Click Delete Data to complete the total cleanup.
The same Delete All button is also available on the Advanced tab.
Switch to Camera and Mic tab in the Flash Player Settings Manager window.
To prevent unauthorized access to your webcam and microphone, use the default option - Ask me when a site wants to use the camera or microphone (recommended). This will pop up a prompt each time a web site tries to see or hear (or record) you.
You can then define exceptions (allow or block) using the Camera and Microphone Settings by Site button. The process is exactly the same as customizing Storage Settings by Site.
In case you need to be extra private, use the Block all sites from using the camera and microphone option instead.
Move to the Playback tab to configure settings for Peer-assisted Networking. This means sharing your Internet bandwith with other users on the same site to provide smoother video and audio playback, or to use chat and connections to other computers.
For both security and Internet speed concerns, it is not advisable to share your connection with other users who visit the same web site. If your upload bandwith is full or nearly full, it will also strongly affect download speed (web pages and content open very slowly).
To prevent slowdowns, click Block all sites from using peer-assisted networking.
Click to open Updates tab. Always use the Allow Adobe to install updates (recommended) option on this tab. This setting enables downloading and applying Flash Player updates in the background.
In Windows Vista and later, you might have to use the Change Update Settings button first - this will wake up the most beloved User Account Control.
Currently installed versions of Flash Player are also listed on this tab:
- ActiveX - Internet Explorer in Windows XP, Vista and 7,
- NPAPI - all browsers that use old Netscape-style plugins, such as Firefox,
- PPAPI - Chromium-based browsers, except Google Chrome and Opera.
In Windows 8 and 8.1, Flash Player is built into Internet Explorer 10 and 11, and Updates tab does not display ActiveX version. Use Windows Update to receive Flash Player patches in these versions of Windows.
To check for updates right away, click Check Now. This will open Adobe web page that detects the installed version of Flash, and lists most recent versions.
You can use free Secunia PSI for fully automated updates of Flash Player.
Finally, let's take a look at the Advanced tab. You do not need to use this tab often - it provides no everyday security options.
The Delete All button in Browsing Data and Settings section removes all stored Flash cookies and data (logins, game progress, etc), plus resets all settings on all tabs to their (sometimes not very secure) defaults.
You should use this only if you're recycling or selling your PC.
This button allows the exact same actions as Delete All button on the very first tab, Storage.
If you plan to sell or recycle your computer, you should also deauthorize the PC to remove all licenses for purchased or rented content, such as audio and video files.
To do this, move to the Protected Content section and click Deauthorize This Computer...:
Deauthorize This Computer window appears. Close all open browsers and click OK to erase all licenses.
And that's it - Adobe Flash Player configuration is now safer.
Fancy even higher level of security, including protection from 0-day exploits? Read about free Microsoft EMET then.