Is the Flash plugin sandboxed like in Chrome

[Guest]

[Metalfyre]

I start this new topic becuz a moderator asked me to (even though it was somewhat on topic in the closed thread, but that aside)

When using Chrome the flashplayer is being sandboxed. So in other words, it cannot be exploited.

It was exploited just a couple of months ago. Pwn2Own 2012: Google Chrome browser sandbox first to fall | ZDNet

If you want to continue a flash/sandbox discussion, please start your own thread.

Yes, it was exploited ONCE, while hackers admit that they rather not touch Chrome becuz of it's enhanced security. And it's the sandboxed feature that actually enhances it. You fail to mention that there have been attempts during these hacker conventions before where the hackers failed BECAUSE of the sandboxed technology.
Pointing out that sandboxing technology might be flawed, doesn't really suit you as a moderator for a security company that makes a firewall with a sandbox as well.
What would have suited you before closing the topic was a simple yes or no to my initial question, which was: "Does CD sandbox the flash plugin like Chrome does?"
The response I gave (as mentioned here above as a quotation) was in direct answer to the person who started that topic becuz he didn't understand what I meant with sandboxing.
And my answer was the correct one in terms of it's definition. But as we all know, even sandboxing technology can be exploited, but it at least gives another layer of protection as opposed to using no sandbox at all.

[HeffeD]

Sorry for the misunderstanding, but that topic is not closed...

The reason I suggested creating a new topic was because the original post was regarding an issue updating Flash. Asking a question regarding the sandbox in a thread about an updating issue is off-topic.

I didn't answer as to whether or not Dragon sandboxes Flash like Chrome does, because I don't know the answer to that.

And I wasn't saying the techology was flawed. Merely that it had been exploited quite recently.

I'm sorry if you feel that me asking you to create a new topic doesn't suit me as a moderator. Off-topic posting is against the Forum Policy, and I wouldn't be doing my job as a moderator if I didn't say something. If you don't agree with this, you do have a recourse. How to appeal against Moderators decisions

[Metalfyre]

If you do not know, then just say that.

I just assume that a simple question like that was answerable since CD is based off of Chrome source. If CD states that it is exactly like Chrome with the exception of some privacy instrusive behaviour, then it seems that in fact it should also be able to use it's sandboxed technology.

It is somewhat related to the updating Flash issue, as Chrome automatically updates Flash in it's browser becuz it's integrated so it can use the sandbox technology. So it wasn't that "off-topic" as you stated. Even the OP didn't see the problem.

So is there anybody that knows enough about Comodo products that can answer my initial question?

[JoWa]

No, it is not sandboxed in Dragon as it is in Google Chrome. The reason is that Google Chrome on Windows uses a special version of Flash Player (gcswf32.dll). If you use this version of Flash Player with Dragon, it will be sandboxed, just as it is when used with Google Chrome.

I think we can expect changes when the PPAPI-version of Flash Player is released later this year.

Notice the Job-tab in the images.

[Metalfyre]

Thank you very much JoWa for your very clear explanation. This was a very helpful answer. Much appreciated.

[HeffeD]

I just assume that a simple question like that was answerable since CD is based off of Chrome source. If CD states that it is exactly like Chrome with the exception of some privacy instrusive behaviour, then it seems that in fact it should also be able to use it's sandboxed technology.

It's not such a simple question...

Dragon is not based on Chrome, it is based on Chromium. Chromium is not Chrome. Chrome has features that Chromium does not, such as a built-in .pdf reader, Flash Player, and Google's automatic updater.

Since Dragon is based on Chromium, (as are all of the Chrome clones) it has all of Chromium's features, but not Chrome's.

I have never used Chrome, so I haven't kept up on all of the differences between Chromium and Chrome. Sorry about that.

[Metalfyre]

HeffeD, actually it turned out to be a really simple answer, as you can notice by JoWa's reply. It's just that one has to have that knowledge. You didn't, and that's okay, but just mention it when you do not know an answer. No biggie ^^

[HeffeD]

Since I didn't attempt to answer the question, I would have thought it obvious that I didn't know the answer. 

[Metalfyre]

Since I didn't attempt to answer the question, I would have thought it obvious that I didn't know the answer. 

lol, I am not a mindreader HeffeD

[HeffeD]

You don't need to be. You asked why I didn't answer the question, and I said I didn't know the answer. Why is this a problem?

[Metalfyre]

Who said that it's a problem? If you make assumptions then that is open for misinterpretation. You should know this. It's never safe to just assume anything as that's where the most misunderstandings come from.
Just like you seem to assume there is a problem.

You however stated in this topic -> https://forums.comodo.com/help-cd/sandboxing-t83679.0.html an answer that you could as well have given me as well, or pointed me to the topic in which you state and I quote:

"I'm no expert on the differences between Chrome and Chromium's sandboxes, so perhaps someone else has more information. Chrome does sandbox the Flash plugin, and since Chromium doesn't come bundled with Flash like Chrome, I'm assuming it does not sandbox Flash. So there may be a slight advantage there in terms of Flash exploits, but like I said, I don't know all of the differences. (if any)

Even though you express you don't know for sure, it would at least have been an answer, which is better than to assume that by not giving an answer at all the other party can safely say that you don't know at all.  
If you don't give a direct answer, or stay quiet, it is open to any interpretation to the other party.

Now, that being said, you at least have to concur with that. If you don't, well that's okay too ofcourse cuz nobody actually likes to agree upon anything that contradicts that what has been stated the first time. That's only logical.

I have my answer, all I am saying is, as a moderator (or even just as a human being) it's not all that wise to assume anything, as assumptions are often at the base of misunderstandings. And that is something you cannot disagree upon, as it's just plain fact. That's all.. no problem. I never actually thought that you would think I see it as a problem. My replies at least did not indicate any of the sorts.

[HeffeD]

I am sorry for the misunderstanding.

[JoWa]

I think we can expect changes when the PPAPI-version of Flash Player is released later this year.

Actually Chrome Canary has “PepperFlash” (PPAPI) and it can be used with the stable version of Chrome, but I can’t get it to work with Dragon.

Chrome 20 Dev for Linux also has PepperFlash, but not Chrome 20 Dev for Windows.

[Radaghast]

Pepperflash made a brief appearance in Dragon 17.3/4 - Re: Comodo Dragon ver 17.4 is now available for download

[JoWa]

Google Chrome 21 (Dev) for Windows has PepperFlash.

[Tags:]