Risk of allowing Flash in Linux?

[Odyssey]

I'm 90% moved from Windoze to Unbuntu Linux, and still have basic questions. I understand that changes of a fundamental nature require elevation to root equivalent for approval.

I also understand that the ease of use of Windoze is in part dependent on similar fundamental changes being allowed without specific approval. To mitigate against unwelcome scripts running in XP, I use NoScript in my Firefox browser and find it highly effective.

My question has to do with allowing Flash to run in Firefox in Ubuntu. By allowing Flash to run without authorization in each instance, does one also allow the possibility of something untoward occurring as a part of that event?

Part of my problem is a basic lack of understanding of exactly what scripts, java, javascript, ajax and flash are and do, and what the degree of relative risk of each is. If anyone knows of a net resource/tutorial on this subject or can dash off a brief synopsis, this would be greatly appreciated.

TIA

[khafa]

hi,


Adobe uses some type of cookies some people find malicious while some others find them necessary. but generally you can use flash without worrying.
if you want to know about script vulnerabilities check XSS out.

[br0ken]

There is a version of NoScript for Linux if that would help. But most people (myself included) have flash enabled and have no problems. That doesn't mean it can't/won't happen. No matter what the operating system and/or individual program, there are bugs and security flaws. Always keeping an up-to-date version is a good way to minimize bugs and flaws in a program as well.

[Odyssey]

Thank you both. khafa, that wiki reference was very informative and loaded with great references. Will keep me busy for awhile.

[Roxoff]

There is a version of NoScript for Linux if that would help. But most people (myself included) have flash enabled and have no problems. That doesn't mean it can't/won't happen. No matter what the operating system and/or individual program, there are bugs and security flaws. Always keeping an up-to-date version is a good way to minimize bugs and flaws in a program as well.

Sensible advice. Can I just add that there are a couple of issues that really stand in Linux's favour here over the commercial operating system you were using before:

* When Flash or javascript of whatever runs in your browser, they run with the privilege level of the user who's doing the task, this means that normally they dont have access to break anything important - although malicious code could still screw over the contents of your home directory. In practice this doesn't happen on Linux because it's a really boring thing to write a piece of script-kiddie code that does this when, for the same effort, a script-kiddie could compromise or wipe out a whole Windwos machine. And we Linux users all have an active backup scheme so everything is recoverable. Right everyone

* Linux is founded on Open Source software, which means it benefits from Peer Review - which is an effective audit of the security problems in your software. Commercial operating systems are written by the same kinds of people, but could never be subject to the same kind of review by as many people.