I must admit … when I saw this, I was a little stunted.

Edit: forgot the screenshot

http://i49.tinypic.com/2ib15om.png

have a drink there will be better days ;D

Yep, for the statistics pages…

Why such a big deal though? Pretty much every pc has flash…

http://forum.avast.com/index.php?topic=49727.0

Post: http://forum.avast.com/index.php?topic=49727.msg426324#msg426324

-Scott-

Offtop: Not really going with the flow then? ;D Sorry, I just had to

This is already a classic question. Please try to search the forum before posting.

The short answer is no. However, if you think the graphical stats showcase is the necessity, the answer suddenly becomes yes. Flash is only required for the stats showcase and is not required for basic function.

Avast should definitely switch to HTML5 and OSS codec… just kidding

I dont know how many of you get to participate in things like live reseller open-forums, but I do and can verify that pretty much every time it is on security…btw, Avast! has always received high praise when ever mentioned there…Adobe Flash; and a few other apps they improperly bully into yur OS with poor, poor developed code concerning comprimisability.

That is enough to make me ask…
Just becuase everyone else seems to be calling it a good thing :-X doesnt always mean it is. Awil, lets do a package that IS NOT reliant on any other apps

Me personally, Im tired of paying with my over all security for things such as this. Thank you for addressing the ability to install OFFLINE. Even though I love Avast I would not be purchasing the IS suite and woulda just stayed with the free.

Lol it’s a bare bone VM for crying out loud.

I did - typed “flash” in the search box and pressed enter. I didn’t notice anything relevant. May be you’ll have better luck? http://forum.avast.com/index.php?action=search2

I don’t quite understand the issue, flash is a requirement of many things, even security things…(secunia) so I don’t think that this is an issue…and anyway, if you feel unsecure with it, then remove it…the statistics are not important to the function of avast! it is just a cosmetic thing, which it the point of flash anyway.

I found the thread I referenced by using that method, searching ‘flash’…it was the 6th result, but then I suppose I kinda knew what I was looking for…

There wasn’t an issue, but I guess I was stunted because avast chose to use only flash to display statistics, and won’t even consider displaying static info when flash is not available …

Are those eye-candies that essential to the information presentation?

Yes, I don’t think there is another way of viewing them…i.e. it can’t without flash…

Even with Secunia PSI, which I do use, Flash is only required to show the graph that displays the percentage of patched programs week to week. Note that Flash (ActiveX version) for IE is needed. Flash for Gecko and other browsers won’t suffice.

Using Flash is a “big deal” because it puts Flash within Avast’s security perimeter. Consider that Avast must run with administrative privileges, which means, in turn, that Flash embedded within an Avast application also runs with administrative privileges [1]. Thus, an attacker probably can use an exploitable Flash bug to gain administrative privileges.

Also, since Flash is (by default) a network-enabled application, using it within Avast increases the likelihood that a network-based attack will penetrate Flash and, by extension, Avast.

Finally, good security practice dictates minimizing the amount of privileged code.

[1] Unless Avast uses special techniques to run it in a nonprivileged context. Developers: does it?

still waiting from someone to report he had an infection because of the embedding of flash in Avast5 ;D

It’s the rare victim who knows how her system got infected. I hope that your post does not represent the attitude of the Avast development team.

don’t know what group of people you represent when you launch fake alarms on the potential risks with Flash in Avast : …I dare you to come back here in 3 years and tell me about someone whose system got infected that way. This will be a fantastic occasion to prove your point. You think the avast team is not aware of Flash Player vulnerabilities ? and they would have taken a chance to put V5 users’ systems at risk with that, are you serious?

ps: Avast5 isn’t a browser 8)

By all means please disregard perfectly-mainstream security commentary and impugn the messenger’s motives. That will surely improve Avast’s resistance to attack.

Now, please explain to us – if you can – how adding Flash to Avast’s security perimeter improves (or, at least, doesn’t reduce) its security.

How does a bug in Flash get exploited?
Well, by rendering a special (crafted) Flash content - that turns into a real code in the corresponding process (usually your web browser). So, the attacker puts this “bad” content on a web page… and when you visit that page, your browser may get infected (through the Flash component).

Now, avast! uses Flash only to display its own (statistics) data… how would you make avast! render this special (“exploit”) data? I don’t think you can…

Btw, Flash is used only in avast! GUI - which does not run with administrative privileges. The main avast! service does (run with that privileges), but it uses no GUI components and no Flash.

I think someone just answered to you, post above mine (Igor) … you’re wasting your time : … and a bit of ours.

Have you seen the people the hired to program Windows 7 on TV…none of those guys no a thing about REAL computing since most of the stuff has been there for YEARS!!! Its just been about your own ACTUAL knowledge vs what you say to fit in.

Flash is a VERY comprimisable set of instructions…regardless of where you put it. Im willing to bet more than any of you realise. Thats not the point.

As far as Joe User…sure Falsh is fine and dandy and he probably would swear to its security, but REAL commmunities who understand secure code and instruction sets STILL wonder why adobe isnt doing much about it…same as actually providing 64 bit flash, but thats another topic for Adobe support forums. When Adobe and flash ARE NOT the key vunerabilities addressed in reseller conferences on security I’ll buy into it.

Goggle: Everything Reseller Channel and you can get in on these so you understand this isnt one dude claiming how the reseller community REALLY feels. Last years was hosted by Kaspersky…and they wre pretty non-biased for themselves I must say.

As strongly as I feel about the Avast engine, I think it may be found to be compromised through its use of flash…again, simply over the under-developed code set(s). but thats IMO.

You’re wrong, read what I wrote.

If you argued that your browser might get compromised because you have installed Flash (because of avast!)… there might be a point there. But avast! cannot be compromised through Flash because it renders only its own data through the Flash engine.