Loading ...
Sorry, an error occurred while loading the content.

Mildly OT: installing Flash on OS X without password

Expand Messages
  • Kathy Wheeler
    My Firefox (beta) just updated itself to 3.6, and told me I should update my Flash plugin to prevent security and stability issues. Security issues yet
    Message 1 of 15 , Jun 28, 2010
    • 0 Attachment
      My Firefox (beta) just updated itself to 3.6, and told me I should
      update my Flash plugin to prevent "security and stability" issues.
      Security issues yet again. How wonderful ... not. I already run
      Flashblock and Flashkiller and I only allow Flash to run to see stuff
      I really want to (like the panos posted here). But the damn Flash
      installer wants my password, and for "security and stability" reasons
      and the poor track record Flash has in that area I'm not prepared to
      give it.

      So ... does any Mac user here know how to install the current Flash
      plugin by-passing the password requirement?? I found a windows
      related page, but it doesn't translate well to OS X. I can't see one
      good reason for Flash to need an administrator/system password. But
      at the moment as I've disabled the old insecure/unstable plugin I'm
      flying blind as far as most pano content is concerned :-(

      Suggestions appreciated, off-list if you prefer.

      KathyW.
    • Ken Warner
      Sounds funny to me too. I don t think giving your password is a good idea. Are you running as an administrator -- is that the right term for Macs? Maybe
      Message 2 of 15 , Jun 28, 2010
      • 0 Attachment
        Sounds funny to me too. I don't think giving your password
        is a good idea.

        Are you running as an administrator -- is that the right term
        for Macs? Maybe installing as administrator would work.

        Kathy Wheeler wrote:
        > My Firefox (beta) just updated itself to 3.6, and told me I should
        > update my Flash plugin to prevent "security and stability" issues.
        > Security issues yet again. How wonderful ... not. I already run
        > Flashblock and Flashkiller and I only allow Flash to run to see stuff
        > I really want to (like the panos posted here). But the damn Flash
        > installer wants my password, and for "security and stability" reasons
        > and the poor track record Flash has in that area I'm not prepared to
        > give it.
        >
        > So ... does any Mac user here know how to install the current Flash
        > plugin by-passing the password requirement?? I found a windows
        > related page, but it doesn't translate well to OS X. I can't see one
        > good reason for Flash to need an administrator/system password. But
        > at the moment as I've disabled the old insecure/unstable plugin I'm
        > flying blind as far as most pano content is concerned :-(
        >
        > Suggestions appreciated, off-list if you prefer.
        >
        > KathyW.
        >
        >
      • Trausti Hraunfjord
        Hi Kathy. What poor track record are you talking about Flash having had? To the best of my knowledge, NO software program EVER made, has been safe and secure
        Message 3 of 15 , Jun 28, 2010
        • 0 Attachment
          Hi Kathy.

          What "poor track record" are you talking about Flash having had?

          To the best of my knowledge, NO software program EVER made, has been safe
          and secure and not needed some kind of updates etc.

          The best security available, today, is by running Mac's... and you are on a
          Mac, so that should be good enough. Running Flash killer and Flash block...
          is taking it to the extreme ... in my humble opinion.

          The password requirement is just one more (irritating over protectionist)
          safety valve built into OSX. There is absolutely NOTHING bad going to
          happen if you provide the password for the installation for as long as you
          are downloading the Flash player from Adobe. The password is NOT leaving
          your machine, but it is needed in order to get the installation a green
          light.

          The password requirement is a standard procedure in OSX for installations of
          Adobe programs. Another program that need a password, would be "iWork 09"
          .... yes, that is a native Apple program, but still it will require a
          password.

          So it is not because Flash is not secure or safe, but because of some
          internal Apple things.

          Live a little and take the chance :) and good luck.

          Trausti



          On Mon, Jun 28, 2010 at 11:43 PM, Kathy Wheeler
          <kathyw@...>wrote:

          >
          >
          > My Firefox (beta) just updated itself to 3.6, and told me I should
          > update my Flash plugin to prevent "security and stability" issues.
          > Security issues yet again. How wonderful ... not. I already run
          > Flashblock and Flashkiller and I only allow Flash to run to see stuff
          > I really want to (like the panos posted here). But the damn Flash
          > installer wants my password, and for "security and stability" reasons
          > and the poor track record Flash has in that area I'm not prepared to
          > give it.
          >
          > So ... does any Mac user here know how to install the current Flash
          > plugin by-passing the password requirement?? I found a windows
          > related page, but it doesn't translate well to OS X. I can't see one
          > good reason for Flash to need an administrator/system password. But
          > at the moment as I've disabled the old insecure/unstable plugin I'm
          > flying blind as far as most pano content is concerned :-(
          >
          > Suggestions appreciated, off-list if you prefer.
          >
          > KathyW.
          >
          >
          >


          [Non-text portions of this message have been removed]
        • Eric O'Brien
          We have to wonder: does Flash *actually require* elevated privileges in order that it be correctly installed? The point of concern is not whether your
          Message 4 of 15 , Jun 28, 2010
          • 0 Attachment
            We have to wonder: does Flash *actually require* elevated privileges
            in order that it be correctly installed?

            The point of concern is not whether your password stays "on your
            machine" or not -- instead, it is: what might happen if you give an
            installation program elevated privileges then say, "Go ahead and do
            whatever you want." Which is pretty much what you are doing.

            Unless I'm mistaken, giving your *administrative* password in such
            cases is more or less the equivalent of doing "sudo" on the command
            line. That is, you unlock quite a bit more access to your computer
            than you would normally be allowed, even as an Administrator. I don't
            think it is *quite* the same as giving the installer in question root
            access, but I could be wrong. The situation certainly is worthy of
            applying some caution and skepticism.

            I seem to recall a number of complaints about installers that threw up
            that Authorization dialog, even though *nothing* they installed
            actually needed elevated privileges to work correctly.

            More knowledgeable people please step in!


            eo

            On Jun 28, 2010, at 10:06 PM, Trausti Hraunfjord wrote:

            > Hi Kathy.
            >
            > What "poor track record" are you talking about Flash having had?
            >
            > To the best of my knowledge, NO software program EVER made, has been
            > safe
            > and secure and not needed some kind of updates etc.
            >
            > The best security available, today, is by running Mac's... and you
            > are on a
            > Mac, so that should be good enough. Running Flash killer and Flash
            > block...
            > is taking it to the extreme ... in my humble opinion.
            >
            > The password requirement is just one more (irritating over
            > protectionist)
            > safety valve built into OSX. There is absolutely NOTHING bad going
            > to
            > happen if you provide the password for the installation for as long
            > as you
            > are downloading the Flash player from Adobe. The password is NOT
            > leaving
            > your machine, but it is needed in order to get the installation a
            > green
            > light.
            >
            > The password requirement is a standard procedure in OSX for
            > installations of
            > Adobe programs. Another program that need a password, would be
            > "iWork 09"
            > .... yes, that is a native Apple program, but still it will require a
            > password.
            >
            > So it is not because Flash is not secure or safe, but because of some
            > internal Apple things.
            >
            > Live a little and take the chance :) and good luck.
            >
            > Trausti
            >
            >
            >
            > On Mon, Jun 28, 2010 at 11:43 PM, Kathy Wheeler
            > <kathyw@...>wrote:
            >
            >>
            >>
            >> My Firefox (beta) just updated itself to 3.6, and told me I should
            >> update my Flash plugin to prevent "security and stability" issues.
            >> Security issues yet again. How wonderful ... not. I already run
            >> Flashblock and Flashkiller and I only allow Flash to run to see stuff
            >> I really want to (like the panos posted here). But the damn Flash
            >> installer wants my password, and for "security and stability" reasons
            >> and the poor track record Flash has in that area I'm not prepared to
            >> give it.
            >>
            >> So ... does any Mac user here know how to install the current Flash
            >> plugin by-passing the password requirement?? I found a windows
            >> related page, but it doesn't translate well to OS X. I can't see one
            >> good reason for Flash to need an administrator/system password. But
            >> at the moment as I've disabled the old insecure/unstable plugin I'm
            >> flying blind as far as most pano content is concerned :-(
            >>
            >> Suggestions appreciated, off-list if you prefer.
            >>
            >> KathyW.
          • Csaba Tóth
            You need to enter your password because the programs you start are only allowed to write into your user directory, and as I know the flash plugin goes into the
            Message 5 of 15 , Jun 29, 2010
            • 0 Attachment
              You need to enter your password because the programs you start are only allowed to write into your user directory, and as I know the flash plugin goes into the /Library/ folder.
              The installer is only allowed to write into any folder other than your home folder if you provide your password to it.

              Cheers
              Csaba


              On 2010.06.29., at 8:39, Eric O'Brien wrote:

              We have to wonder: does Flash *actually require* elevated privileges
              in order that it be correctly installed?

              The point of concern is not whether your password stays "on your
              machine" or not -- instead, it is: what might happen if you give an
              installation program elevated privileges then say, "Go ahead and do
              whatever you want." Which is pretty much what you are doing.

              Unless I'm mistaken, giving your *administrative* password in such
              cases is more or less the equivalent of doing "sudo" on the command
              line. That is, you unlock quite a bit more access to your computer
              than you would normally be allowed, even as an Administrator. I don't
              think it is *quite* the same as giving the installer in question root
              access, but I could be wrong. The situation certainly is worthy of
              applying some caution and skepticism.

              I seem to recall a number of complaints about installers that threw up
              that Authorization dialog, even though *nothing* they installed
              actually needed elevated privileges to work correctly.

              More knowledgeable people please step in!

              eo

              On Jun 28, 2010, at 10:06 PM, Trausti Hraunfjord wrote:

              > Hi Kathy.
              >
              > What "poor track record" are you talking about Flash having had?
              >
              > To the best of my knowledge, NO software program EVER made, has been
              > safe
              > and secure and not needed some kind of updates etc.
              >
              > The best security available, today, is by running Mac's... and you
              > are on a
              > Mac, so that should be good enough. Running Flash killer and Flash
              > block...
              > is taking it to the extreme ... in my humble opinion.
              >
              > The password requirement is just one more (irritating over
              > protectionist)
              > safety valve built into OSX. There is absolutely NOTHING bad going
              > to
              > happen if you provide the password for the installation for as long
              > as you
              > are downloading the Flash player from Adobe. The password is NOT
              > leaving
              > your machine, but it is needed in order to get the installation a
              > green
              > light.
              >
              > The password requirement is a standard procedure in OSX for
              > installations of
              > Adobe programs. Another program that need a password, would be
              > "iWork 09"
              > .... yes, that is a native Apple program, but still it will require a
              > password.
              >
              > So it is not because Flash is not secure or safe, but because of some
              > internal Apple things.
              >
              > Live a little and take the chance :) and good luck.
              >
              > Trausti
              >
              >
              >
              > On Mon, Jun 28, 2010 at 11:43 PM, Kathy Wheeler
              > <kathyw@...>wrote:
              >
              >>
              >>
              >> My Firefox (beta) just updated itself to 3.6, and told me I should
              >> update my Flash plugin to prevent "security and stability" issues.
              >> Security issues yet again. How wonderful ... not. I already run
              >> Flashblock and Flashkiller and I only allow Flash to run to see stuff
              >> I really want to (like the panos posted here). But the damn Flash
              >> installer wants my password, and for "security and stability" reasons
              >> and the poor track record Flash has in that area I'm not prepared to
              >> give it.
              >>
              >> So ... does any Mac user here know how to install the current Flash
              >> plugin by-passing the password requirement?? I found a windows
              >> related page, but it doesn't translate well to OS X. I can't see one
              >> good reason for Flash to need an administrator/system password. But
              >> at the moment as I've disabled the old insecure/unstable plugin I'm
              >> flying blind as far as most pano content is concerned :-(
              >>
              >> Suggestions appreciated, off-list if you prefer.
              >>
              >> KathyW.




              [Non-text portions of this message have been removed]
            • Henri Smeets
              Installing any program on OSX is preceded by the system asking the system password, it is to prevent unauthorized individuals from installing programs on a
              Message 6 of 15 , Jun 29, 2010
              • 0 Attachment
                Installing any program on OSX is preceded by the system asking the system
                password, it is to prevent unauthorized individuals from installing programs
                on a Mac. Nothing weird, no funny business just common practice. If you are
                alarmed by seeing this dialogue box it means you have not installed a lot
                (or any) software, that uses an installer, on your system before, now that
                would be strange :-)
                --
                View this message in context: http://panotoolsng.586017.n4.nabble.com/Mildly-OT-installing-Flash-on-OS-X-without-password-tp2271731p2271912.html
                Sent from the PanoToolsNG mailing list archive at Nabble.com.
              • Kathy Wheeler
                ... Incorrect. I have installed numerous applications that have NOT required the system password. I can see no good reason for Flash to require it. KathyW.
                Message 7 of 15 , Jun 29, 2010
                • 0 Attachment
                  On 29/06/2010, at 6:58 PM, Henri Smeets wrote:
                  > Installing any program on OSX is preceded by the system asking the
                  > system
                  > password,

                  Incorrect. I have installed numerous applications that have NOT
                  required the system password.

                  I can see no good reason for Flash to require it.

                  KathyW.
                • Ian Wood
                  Strictly speaking, you get asked for a password if the app/installer installs files somewhere other than your user folder (and a few other situations).
                  Message 8 of 15 , Jun 29, 2010
                  • 0 Attachment
                    Strictly speaking, you get asked for a password if the app/installer installs files somewhere other than your user folder (and a few other situations).

                    Drag-n-drop-install apps don't need a password at all.

                    Ian


                    On 29 Jun 2010, at 09:58, Henri Smeets wrote:

                    > Installing any program on OSX is preceded by the system asking the system
                    > password, it is to prevent unauthorized individuals from installing programs
                    > on a Mac. Nothing weird, no funny business just common practice. If you are
                    > alarmed by seeing this dialogue box it means you have not installed a lot
                    > (or any) software, that uses an installer, on your system before, now that
                    > would be strange :-)
                  • Matthew Rogers
                    You may have COPIED applications from a downloaded disk image but you cannot INSTALL anything on OS X without a password. Matt ... [Non-text portions of this
                    Message 9 of 15 , Jun 29, 2010
                    • 0 Attachment
                      You may have COPIED applications from a downloaded disk image but you cannot INSTALL anything on OS X without a password.

                      Matt

                      On 29 Jun 2010, at 11:50, Kathy Wheeler wrote:

                      >
                      > On 29/06/2010, at 6:58 PM, Henri Smeets wrote:
                      > > Installing any program on OSX is preceded by the system asking the
                      > > system
                      > > password,
                      >
                      > Incorrect. I have installed numerous applications that have NOT
                      > required the system password.
                      >
                      > I can see no good reason for Flash to require it.
                      >
                      > KathyW.
                      >
                      >



                      [Non-text portions of this message have been removed]
                    • mrjimbo
                      Kathy, The Flash installer does not want your password .. The Mac OSX system installer however wants to verify that you are the administrator of the machine
                      Message 10 of 15 , Jun 29, 2010
                      • 0 Attachment
                        Kathy,
                        The Flash installer does not want your password .. The Mac OSX system installer however wants to verify that you are the administrator of the machine and thus asks prior to any install. So what I'm saying is that when a program tries to install either manually by you or automatically .. Part of what OSX does is block all installs until you as the administrator allow it to move forward with the install. That small segment of any install is controlled by the OS not the program your trying to install.So the answer to your question is their is not a method to bypass the password or approval feature in OSX when installing a piece of software..It's part of the security built into the OS.. So if your using someone else's MAC and want to do the update you can't...That is how it should be I guess ...right?

                        jimbo


                        ----- Original Message -----
                        From: Kathy Wheeler
                        To: PanoToolsNG@yahoogroups.com
                        Sent: Monday, June 28, 2010 10:43 PM
                        Subject: [PanoToolsNG] Mildly OT: installing Flash on OS X without password



                        My Firefox (beta) just updated itself to 3.6, and told me I should
                        update my Flash plugin to prevent "security and stability" issues.
                        Security issues yet again. How wonderful ... not. I already run
                        Flashblock and Flashkiller and I only allow Flash to run to see stuff
                        I really want to (like the panos posted here). But the damn Flash
                        installer wants my password, and for "security and stability" reasons
                        and the poor track record Flash has in that area I'm not prepared to
                        give it.

                        So ... does any Mac user here know how to install the current Flash
                        plugin by-passing the password requirement?? I found a windows
                        related page, but it doesn't translate well to OS X. I can't see one
                        good reason for Flash to need an administrator/system password. But
                        at the moment as I've disabled the old insecure/unstable plugin I'm
                        flying blind as far as most pano content is concerned :-(

                        Suggestions appreciated, off-list if you prefer.

                        KathyW.





                        [Non-text portions of this message have been removed]
                      • Roger Howard
                        It s quite possible for software installers on OSX to not require an admin password - but this would restrict any installed components to the current user...
                        Message 11 of 15 , Jun 29, 2010
                        • 0 Attachment
                          It's quite possible for software installers on OSX to not require an admin
                          password - but this would restrict any installed components to the current
                          user... since Flash Player is a plugin intended for use by the browser,
                          available to all users, it's generally accepted practice to install this in
                          /Library rather than ~/Library, requiring an admin password.

                          It's also possible to install it locally in your account only - in ~/Library
                          - by extracting the installer contents and manually placing them in
                          ~/Library using Pacifist (http://www.charlessoft.com/) but, frankly, I
                          wouldn't do this - it won't be handled by future updates, so you'll likely
                          end up with an out of date local (user) copy which will override the
                          system-wide updated version.

                          As for Flash Player security issues, yes they exist... its debatable whether
                          Flash Player has a particularly bad security track record, but it's also an
                          extremely high profile target (as are Web browsers and their dependencies,
                          and any other common tools which load and interpret/render content over the
                          Internet). The simple fact is Flash Player is a major target for remote
                          exploits like code injection using buffer overruns, and everyone should be
                          keeping it up to date... by using the normal install process, rather than
                          managing a custom install in a non-standard location, you're much more
                          likely to stay updated.

                          Frankly, Adobe Acrobat vulnerabilities concern me far, far more than Flash
                          Player.

                          -R


                          [Non-text portions of this message have been removed]
                        • mick crane
                          ... It is the way things are these days. you have to take that leap of trust. probably there are ways to protect sensitive stuff but generally everything is
                          Message 12 of 15 , Jun 29, 2010
                          • 0 Attachment
                            On Tue, June 29, 2010 5:43 am, Kathy Wheeler wrote:
                            > My Firefox (beta) just updated itself to 3.6, and told me I should
                            > update my Flash plugin to prevent "security and stability" issues. Security
                            > issues yet again. How wonderful ... not. I already run Flashblock and
                            > Flashkiller and I only allow Flash to run to see stuff
                            > I really want to (like the panos posted here). But the damn Flash
                            > installer wants my password, and for "security and stability" reasons and
                            > the poor track record Flash has in that area I'm not prepared to give it.
                            >
                            > So ... does any Mac user here know how to install the current Flash
                            > plugin by-passing the password requirement?? I found a windows related
                            > page, but it doesn't translate well to OS X. I can't see one good reason
                            > for Flash to need an administrator/system password. But at the moment as
                            > I've disabled the old insecure/unstable plugin I'm
                            > flying blind as far as most pano content is concerned :-(
                            >
                            > Suggestions appreciated, off-list if you prefer.

                            It is the way things are these days. you have to take that leap of trust.
                            probably there are ways to protect sensitive stuff but generally
                            everything is done over the net and it wants root access. So you can be
                            safe and have stuff that doesn't work very well or take the risk.
                          • Roger Howard
                            ... Just a note - admin isn t root (thank god!), and all Flash Player (or any app) needs is admin... and unlike root, admin access does *not* imply full access
                            Message 13 of 15 , Jun 29, 2010
                            • 0 Attachment
                              On Tue, Jun 29, 2010 at 12:07 PM, mick crane <mick.crane@...> wrote:

                              >
                              >
                              >
                              > On Tue, June 29, 2010 5:43 am, Kathy Wheeler wrote:
                              > > My Firefox (beta) just updated itself to 3.6, and told me I should
                              > > update my Flash plugin to prevent "security and stability" issues.
                              > Security
                              > > issues yet again. How wonderful ... not. I already run Flashblock and
                              > > Flashkiller and I only allow Flash to run to see stuff
                              > > I really want to (like the panos posted here). But the damn Flash
                              > > installer wants my password, and for "security and stability" reasons and
                              > > the poor track record Flash has in that area I'm not prepared to give it.
                              > >
                              > > So ... does any Mac user here know how to install the current Flash
                              > > plugin by-passing the password requirement?? I found a windows related
                              > > page, but it doesn't translate well to OS X. I can't see one good reason
                              > > for Flash to need an administrator/system password. But at the moment as
                              > > I've disabled the old insecure/unstable plugin I'm
                              > > flying blind as far as most pano content is concerned :-(
                              > >
                              > > Suggestions appreciated, off-list if you prefer.
                              >
                              > It is the way things are these days. you have to take that leap of trust.
                              > probably there are ways to protect sensitive stuff but generally
                              > everything is done over the net and it wants root access. So you can be
                              > safe and have stuff that doesn't work very well or take the risk.
                              >

                              Just a note - admin isn't root (thank god!), and all Flash Player (or any
                              app) needs is admin... and unlike root, admin access does *not* imply full
                              access to any files on your filesystem. Likewise, most all of us should be
                              running our day to day login as a regular user - not admin... though I'd be
                              willing to be not 10% of us do. This simple step is something that'll go a
                              long way to limiting the damage of trojan horses and other malware, and is
                              not nearly as limiting as it might sound.


                              [Non-text portions of this message have been removed]
                            • Robert C. Fisher
                              Ok Roger I have one user Me how do I set up an admin acct, or do I set up another user acct without admin privileges? If I do the later how do I get my user
                              Message 14 of 15 , Jun 29, 2010
                              • 0 Attachment
                                Ok Roger I have one user "Me" how do I set up an admin acct, or do I
                                set up another user acct without admin privileges? If I do the later
                                how do I get my user info into the new user acct?

                                >
                                > Just a note - admin isn't root (thank god!), and all Flash Player
                                > (or any
                                > app) needs is admin... and unlike root, admin access does *not*
                                > imply full
                                > access to any files on your filesystem. Likewise, most all of us
                                > should be
                                > running our day to day login as a regular user - not admin... though
                                > I'd be
                                > willing to be not 10% of us do. This simple step is something
                                > that'll go a
                                > long way to limiting the damage of trojan horses and other malware,
                                > and is
                                > not nearly as limiting as it might sound.
                                >
                                >

                                Cheers
                                Robert C. Fisher
                                VR Photography / Cinematography
                                bob@...
                                http://www.rcfisher.com
                                Facebook - Robert C. Fisher






                                [Non-text portions of this message have been removed]
                              • Trausti Hraunfjord
                                Absolutely correct. I have been preaching this to Windows users for years... saves people from buying antivirus software and saves them from crashes and saves
                                Message 15 of 15 , Jun 29, 2010
                                • 0 Attachment
                                  Absolutely correct. I have been preaching this to Windows users for
                                  years... saves people from buying antivirus software and saves them from
                                  crashes and saves them from frustration ... and would also save me from
                                  having to fix their machines all the time... but unfortunately such an
                                  advice is not heeded by normal users.

                                  Me personally... never use a normal user account... but *that* is a
                                  different story :)

                                  Trausti

                                  On Tue, Jun 29, 2010 at 2:34 PM, Roger Howard <rogerhoward@...> wrote:


                                  most all of us should be
                                  running our day to day login as a regular user - not admin... though I'd be
                                  willing to be not 10% of us do. This simple step is something that'll go a
                                  long way to limiting the damage of trojan horses and other malware, and is
                                  not nearly as limiting as it might sound.


                                  [Non-text portions of this message have been removed]
                                Your message has been successfully submitted and would be delivered to recipients shortly.