Sandboxing of Adobe Flash coming to Firefox

Patrick Lambert explains why Adobe Flash sandboxing for Firefox will help protect end users.

Security vulnerabilities in browser plugins like Adobe Flash are nothing new. Because there are so many people out there with Flash installed (over 90% of web users), this particular software program has been the target of many hackers for a long time now. It seems like almost every month we see Adobe fixing another serious security flaw. For years now, one of the most important updates end users needed to heed was for Flash Player, simply because it was such a huge attack vector. This was especially true after Microsoft made Windows itself a harder target to attack, with things like DEP, a built-in firewall on by default, and so on. But through the many patches, Adobe learned how to re-engineer its software to be much more secure from the ground up, and last year they started a major campaign to adopt the concept of sandboxing everywhere. Now, that concept is slowly coming to fruition in more and more places.

In December 2010 Adobe announced that their team had been working closely with Google to bring sandboxing to Chrome. This was a major milestone, because up until then, Flash had been a wide open target. Only Internet Explorer users on Vista and Windows 7 had any kind of protection thanks to the Protected Mode features that Microsoft implemented. But now, Chrome ended up being the first browser to truly implement this new important security procedure when it came to Flash. Adobe had experience dealing with sandboxing before, having implemented the same concept on Reader earlier that year. Now, this month they announced that over the past year they've been working with the Mozilla folks, and the same technology will be coming to the Firefox version of the Flash plugin, at least for those on Windows Vista and 7.

As you can probably imagine, this is a big deal and an important step in securing end users. Malware infections and attacks are responsible for downtime in many corporations, with an average cost of $6.3 million a day. So eliminating one of the big target surfaces is a big step forward. Sandboxing is one of those technologies that really help out and can save a lot of trouble for admins who have to constantly go to users and clean their computers. Realistically, very little can be done to prevent actual users from getting infected. Education is important of course, like telling people why it's not a good idea to go to shady sites, why they must do their regular updates, and why downloading software from unknown sources should never be done. But we all know that will never solve all problems. So these types of technological solutions are needed.

How sandboxing works

But what exactly is sandboxing? Basically, a sandbox is a controlled environment where untested or unknown code can be run safely. It used to be that browser plugins would have every privilege given to software run on your system. In turn, these plugins would often run code directly from websites, with very little security in place. ActiveX was a prime example of the terrible things that can happen with that, and was the cause of some of the earliest malware infections. Flash also runs code from websites, in the form of .swf files that contain ActionScript along with the other media components. Because you end up running code from unknown sources, you never know what could happen if a bug or exploit happens to be present in your Flash Player, which ends up being fairly common.

The sandbox creates a virtual environment in which the code runs. Just like running a virtual machine on your computer, the sandbox keeps the code contained. Even if the code is malicious, and even if the Flash Player has a bug that allows that code to escape, everything the plugin has access to, from memory to disk space, is virtual and in fact simulated by the sandbox. That means even if the code you run tries to overwrite your data, it will do so in a virtual box that won't affect the actual computer. This is what's been implemented, and why it's such an important solution. Instead of fixing bugs as they come up, you proactively go after the possible malware by blocking its access.

Of course, with HTML5 coming, there are many questioning the utility of Flash altogether. But the web is a very vast world of sites and applications, and it would be foolish to think everyone is going to move to HTML5 any time soon, especially considering how early the draft is, and how browsers don't even support the same parts quite yet. Just look at how long it took IE6 to die off. Flash will remain one of the most used plugins for years to come, and is still a default plugin, installed by browsers and computer makers to this day. So while many may dismiss Flash as irrelevant, let's not forget that users most at risk are often those who adapt the slowest, and who will likely still have Flash for a long time.

About

Patrick Lambert has been working in the tech industry for over 15 years, both as an online freelancer and in companies around Montreal, Canada. A fan of Star Wars, gaming, technology, and art, he writes for several sites including the art news commun...

3 comments
mindilator

"So while many may dismiss Flash as irrelevant, let's not forget that users most at risk are often those who adapt the slowest, and who will likely still have Flash for a long time." this doesn't affect your point at all, but there is a nit to pick.... you could just as easily say the users most at risk are the early adopters, because they are "pioneers" in using the fledgling product. what i mean is, nobody can say for sure that HTML5 doesn't have worse vulnerabilities than Flash because it's untried, untested. just because Flash has some problems that we're actually aware of, it doesn't mean HTML5 doesn't have lots of problems that we're unaware of. out of the frying pan, into the fire. at least we've been in the Flash frying pan for long enough that we can insulate ourselves from the surface we stand on. not so much inside the actual fire that is HTML5. a wildfire is what it really is -- who knows where it's going or who's controlling its direction? it's owned and defined by competing companies (what could possibly go wrong?). i believe a user that chooses Flash over HTML5 (when given the choice) is at lesser risk than those who adopt HTML5 on faith and Steve Jobs' blatant lies, er, reality distortion field. at least for now.

pgit

Sandboxing is a good step, though fixing the code itself is more important. I notice you mention Windows (Vista and 7) so I assume this feature will not be available for Linux, at least not initially. There is AppArmor for Linux, but that's a bear to get working right and is a bit of overkill just to keep Flash in check. It'd be better if they do develop the sandbox for Linux. Any word on the possibility or even time frame of a Linux version?

techrepublic@

Linux already has powerful and flexible application sandboxing capabilities. Mozilla just has to write a sandboxing profile for SELinux and/or AppArmor. Making a custom sandboxing solution for Firefox will require far more work and be less secure.
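
Added example, not part of the comments above and not Mozilla's or Adobe's own configuration: an AppArmor profile of the kind the last two comments discuss, confining Firefox's out-of-process plugin host so that Flash can read what it needs to render but can write only to its own settings directories. The profile name, the binary and library paths, and the temp-file pattern are assumptions for a typical Linux desktop and need adjusting per distribution.

```apparmor
# Added illustration. All paths below are assumptions, not taken from the article.
#include <tunables/global>

profile firefox-plugin-container /usr/lib/firefox/plugin-container {
  # Baseline libraries, display, sound and name resolution.
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/X>
  #include <abstractions/audio>
  #include <abstractions/nameservice>

  # Explicitly deny and audit access to SSH/GPG keys, browser profiles
  # and similar private files, even if a later rule would allow them.
  #include <abstractions/private-files-strict>

  # The plugin host and the Flash library it loads: read and map only.
  /usr/lib/firefox/plugin-container mr,
  /usr/lib/firefox/** mr,
  /usr/lib/flashplugin-installer/libflashplayer.so mr,

  # The only writable locations: Flash's own settings and cache.
  owner @{HOME}/.macromedia/ rw,
  owner @{HOME}/.macromedia/** rwk,
  owner @{HOME}/.adobe/ rw,
  owner @{HOME}/.adobe/** rwk,

  # Temporary media buffers (assumed naming pattern).
  owner /tmp/Flash* rw,

  # Network access for streamed content.
  network inet stream,
  network inet6 stream,
  network inet dgram,
  network inet6 dgram,

  # Everything not listed above is denied by default, including
  # writes elsewhere under @{HOME} and execution of other programs.
}
```

Loading the profile in complain mode first and reviewing the audit log before switching to enforce mode shows which legitimate accesses the rules above miss.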