Patrick Lambert explains why Adobe Flash sandboxing for Firefox will help protect end users.
Security vulnerabilities in browser plugins like Adobe Flash are nothing new. Because there's so many people out there with Flash installed (over 90% of web users) this particular software program has been the target of many hackers for a long time now. It seems like almost every month we see Adobe fixing another serious security flaw. For years now, one of the most important updates end users needed to heed was for Flash player, simply because it was such a huge attack vector. This was true, especially after Microsoft made Windows itself a harder target to attack, with things like DEP, a built-in firewall on by default, and so on. But through the many patches, Adobe learned how to re-engineer its software to be much more secure from the ground up, and last year they started a major campaign to adopt the concept of sandboxing everywhere. Now, that concept is slowly coming to fruition in more and more places.
In December 2010 Adobe announced that their team had been working closely with Google to bring sandboxing to Chrome. This was a major milestone, because up until then, Flash had been a wide open target. Only Internet Explorer users on Vista and Windows 7 had any kind of protection thanks to the Protected Mode features that Microsoft implemented. But now, Chrome ended up being the first browser to truly implement this new important security procedure when it came to Flash. Adobe had experience dealing with sandboxing before, having implemented the same concept on Reader earlier that year. Now, this month they announced that over the past year they've been working with the Mozilla folks, and the same technology will be coming to the Firefox version of the Flash plugin, at least for those on Windows Vista and 7.
As you can probably imagine, this is a big deal and an important step in securing end users. Malware infections and attacks are responsible for downtime in many corporations, with a cost average of $6.3 million a day. So eliminating one of the big target surfaces is a big step forward. Sandboxing is one of those technologies that really help out and can save a lot of trouble for admins who have to constantly go to users and clean their computers. Realistically, very little can be done to prevent actual users from getting infected. Education is important of course, like telling people why it's not a good idea to go to shady sites, why they must do their regular updates, and why downloading software from unknown sources should never be done. But we all know that will never solve all problems. So these types of technological solutions are needed.
How sandboxing works
But what exactly is sandboxing? Basically, a sandbox is a controlled environment where untested or unknown code can be run safely. It used to be that browser plugins would have every privilege given to software run on your system. In turn, these plugins would often run code directly from websites, with very little security in place. ActiveX was a prime example of the terrible things that can happen with that, and was the cause of some of the earliest malware infections. Flash also runs code from websites, in the form of .swf files that contain ActiveScript along with the other media components. Because you end up running code from unknown sources, you never know what could happen if a bug or exploit happens to be present in your Flash player, which ends up being fairly common.
The sandbox creates a virtual environment in which the code runs. Just like running a virtual machine on your computer, the sandbox keeps the code contained, and even if it's malicious, and if the Flash player has a bug that allows that code to escape, everything the plugin has access to, from memory to disk space, is all virtual and in fact simulated by the sandbox. That means even if the code you run tries to overwrite your data, it will do so in a virtual box that won't affect the actual computer. This is what's been implemented, and why it's such an important solution. Instead of fixing bugs as they come up, you proactively go after the possible malware by blocking its access.
Of course, with HTML5 coming, there are many questioning the utility of Flash altogether. But the web is a very vast world of sites and applications, and it would be foolish to think everyone is going to move to HTML5 any time soon, especially considering how early the draft is, and how browsers don't even support the same parts quite yet. Just look at how long it took IE6 to die off. Flash will remain one of the most used plugins for years to come, and is still a default plugin, installed by browsers and computer makers to this day. So while many may dismiss Flash as irrelevant, let's not forget that users most at risk are often those who adapt the slowest, and who will likely still have Flash for a long time.