Who You Gonna Trust?

I recently wrote about Adobe’s new Flash Player 9 and Flex 2 solutions, and mentioned a forthcoming Adobe eBook solution that leverages these technologies. Some folks took issue based on a perception of security problems with Adobe software, citing security advisories such as this. The criticism even descended into satire, warning readers of “Stephen King level horrors” ahead. Well, the bottom line here is (to paraphrase GhostBusters): “Who You Gonna Trust”?
Satire aside, security is a serious topic and merits serious consideration. Before specifying or redistributing *any* reading system client software, publishers should consider the security implications, including the track record / capabilities of the proposed vendor (or themselves, if contemplating supporting an OSS/home-grown solution).
While Flash Player and Adobe Reader have not been entirely free of security issues, I believe Adobe/Macromedia’s track record is quite good and compares favorably to other major SW vendors – including browsers. I’m not focused in this area but we’ve pretty much had researchers discovering hypothetical exposures, vs. users experiencing actual malware attacks – in fact the exposure above was discovered by our own dedicated security team. Adobe requires security audits before releasing software, and we treat hypothetical security exposures as critical, issuing patches frequently. We also follow a practice of giving users control over their security and privacy settings. Adobe has distributed far more client software (non-OS) than anyone else in the world. When you have 100s of millions of installations, are you going to have some security issues? Absolutely. But those who adopt Flash Player or Reader can have confidence in Adobe to address these issues.
Some links:
Adobe security advisories main page
Flash Player security
Detailed white paper on Adobe Flash security
One positive factor here is size. Flash Player is relatively small and that means that the code has proportionally few nooks and crannies (in security geek speak it “presents a smaller threat surface”) – many times smaller than (for example) a J2SE Java VM.
Again, I’m not saying Flash Player is perfect – nor that I personally like all applications of Flash, particularly not in-my-face ads – just that as a basis for a Rich Internet Application (RIA) that goes beyond HTML’s capabilities FP’s security footing and track record is a plus, not a drawback, vs. any alternative that I’m aware of (certainly compared to trusting an arbitrary native-code Windows app or ActiveX control). If someone tries to sell you another eBook reading system – ask them about their implementation architecture’s sandbox model, their dedicated security team, their track record in issuing patches, their financial wherewithal, and their demonstrated ability to manage large-scale client deployments.
A separate issue I got feedback on is using SWF for eBook content – and I may have confused some people about our intentions on this front. Actually Adobe already has a solution that does this – FlashPaper 2. While FlashPaper delivers some ease-of-use advantages vs. (say) Adobe Reader 7, it did not take the world by storm – if it had I might be a Macromedia employee now ;-). Content publishers want interoperability, transportability, and archivability, and solutions that directly consume open standard formats like PDF and XHTML deliver these benefits. Whereas turning documents into SWF, Mobipocket .PRC, PalmDoc, or BBEB is a one-way trip (although if I had to “compile” my content to one of the above, the format that’s supported on 98% of Internet PCs would arguably be the best choice, and that’s exactly what a number of digital magazine vendors are doing).
That being said, at the point where documents blur with applications – for example learning systems – there’s clearly a role for programmatic interactivity on the client. And for handling interactivity, I’d certainly trust SWF over a native Windows EXE.

3 Responses to Who You Gonna Trust?

  1. John Dowdell says:

    Garson’s satirical post does contain some truth: people in the world are getting more and more concerned about the instructions on their own personal devices, and about their own personal data on other peoples’ devices.
    He wants to know whose code is executing on his computer, what it does, and what it is prevented from doing. He is also worried about identity theft, where his personal data in the cloud is improperly accessed and controlled.
    Garson’s “Flash regularly provides gaping security holes” isn’t a sustainable argument — Adobe Flash Player has a long history of active protection against even theoretical exploits, and its easy update costs inoculates the population quickly.
    Garson’s horror situation of a possessed machine is a real one. But from what I’ve seen via the Macromedia side of the family, Bill’s got the trump point: There’s agreeably greater and greater need to trust the code we install on our devices, and the Adobe engines have very strong built-in incentives to do the right thing.

  2. Stewart Whaley says:

    Though people, when asked, would say security is absolutely important to them, the reality is that it’s not that high on their list of features. Just like when people buy a car – obviously safety is important but how many ask about this when they buy an automobile? Probably very little. We just assume that things are safe and secure. And rightly so. We have to trust that the people who sell us this stuff are taking care of it. The solution is not to scare all of us who are involved like terrorism alerts. And in a similar way when Microsoft releases a security patch and says xyz, “could allow an attacker to remotely compromise your Windows-based system and gain control over it.” Well, with that kind of wording who wouldn’t install the patch? But this doesn’t help anyone except the vendor. And it’s an endless cycle. Security is important but it’s the vendor’s responsibility to get this correct and, when problems do arise, inform people in easy to understand terms and explain how and why they are fixing the problem.

  3. Mike Downey says:

    I fail to understand the logic in the comments on Garson’s blog about open sourcing the Flash Player. How would having dozens of different implementations of the Flash Player, not all supported by a responsible corporation, resolve the issue of security and trust among the 600M people who use the Flash Player today? If I were a Flash developer I’d hate to know that there was no specific version of the Player that I could target and trust that my entire audience would support.
    I don’t get it.