Delivery-Date: Tue, 17 Jun 2014 12:26:42 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	FROM_LOCAL_NOVOWEL,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by moria.seul.org (Postfix) with ESMTPS id 0CB7C1E030D
	for <archiver@seul.org>; Tue, 17 Jun 2014 12:26:40 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 6874B3002A;
	Tue, 17 Jun 2014 16:26:39 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 87C982FE54
 for <tor-talk@lists.torproject.org>; Tue, 17 Jun 2014 16:24:15 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id j1x6-ZcJOW_A for <tor-talk@lists.torproject.org>;
 Tue, 17 Jun 2014 16:24:15 +0000 (UTC)
Received: from mout.gmx.com (mout.gmx.com [74.208.4.201])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 6D7262FDF7
 for <tor-talk@lists.torproject.org>; Tue, 17 Jun 2014 16:24:15 +0000 (UTC)
Received: from [127.0.0.1] ([99.190.181.188]) by mail.gmx.com (mrgmxus002)
 with ESMTPSA (Nemesis) id 0MZkSG-1XIJLW2eRq-00LY27 for
 <tor-talk@lists.torproject.org>; Tue, 17 Jun 2014 18:24:12 +0200
Message-ID: <53A06B99.2010003@gmx.com>
Date: Tue, 17 Jun 2014 11:23:53 -0500
From: Joe Btfsplk <joebtfsplk@gmx.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <539F42E7.7010104@gmx.com> <539F8581.60305@cyblings.on.ca>
 <539F8DF1.5010107@gmx.com>
In-Reply-To: <539F8DF1.5010107@gmx.com>
X-Provags-ID: V03:K0:nCDNqkfWxWY8jqInZPeBDm7iBERmspauUxB/CGBpf0GtYvZdN3K
 cygMzkn/uOk9r3Y0fU5FAm2nJuXTx39vE5RiiE+HgHrAxPJ+xFG7sqBw42PTBp/3JckW8JB
 06gAhRMAUgagNGmbEKMNq+HFWqaDZh+wwRCuPdGz5vzaRyb3bD5suwyfMOUdWCOddb3xSiv
 ElVyggYh9JleIeW7k06pQ==
Subject: Re: [tor-talk] Flash executables keep starting in background when
 using TBB
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

I'd still really like some help on finding what calls / causes the 2 
flash .exe files to start in background.
They're ALWAYS shown by Process Explorer, in the *same process tree - 
directly under TBB.*

Is there a way to determine / log, *if another process is calling* those 
2 files, or if determine if TBB, or Flash, is calling the 2 files to start?
Even though _no Flash vids are ever played_.  Below - Some additional 
replies to previous comments.

On 6/16/2014 7:38 PM, Joe Btfsplk wrote:
> On 6/16/2014 7:02 PM, krishna e bera wrote:
>> On 14-06-16 03:17 PM, Joe Btfsplk wrote:
>>> In at least the last couple TBB versions, or longer, I've found
>>> FlashPlayerPlugin_x.x.exe (latest *13_0_0_214.exe) running in background
>>> - numerous times.
>>> Actually, 2 instances of flash exe files are always shown running.
>>>
>>> Biggest question is, what is Flash doing to Tor anonymity in these
>>> cases.  Just because Flash isn't playing doesn't mean it's not
>>> contacting someone, somewhere.
>>> I rarely use Flash - I assume TBB *now comes w/ it installed?*
>>> [snip]
>> >"/Adobe Flashplayer has never come with TBB/."
OK, it probably gets installed in TBB, at same time as for regular Fx, 
but it's always automatically set to disabled in both.
I can deal w/ that, or just remove it? each time Flash is updated. But 
*figuring out what's going on may lead to bug report for TBB.*
>>
>> >"/Are you sure it isnt the ActiveX plugin that comes with MS-Windows? Or
>> >perhaps it got installed at the same time as you updated the flashplayer
>> >for Internet Explorer/?"
Yes, I'm sure.  Read comment on that - above & below.
>>    "/If not, your computer may be infected with a
>> fake flashplayer.  Many website ads offer them with a button that looks
>> deceptively like the download you may have wanted to click on, or even a
>> drive-by exploit/."
Doubt it seriously.  Other scenarios mentioned are much more likely, 
plus nothing was detected.

>
> */No, I think it's more likely that if Flash plugin is installed for one
> version of Fx, it gets installed for all versions of Fx./*
>
> That may explain how it gets there, but not why it starts 2 flash
> executables in background, when the plugin in TBB has always been, &
> still is set at "Never Activate."
> It's not like I'm temporarily activating the plugin, playing some Flash
> vids, then forgetting to disable it.
>
> As said, I never see the Flash files that run in background, being
> *associated w/ regular Fx* - only TBB.  They're always listed under Tor
> Browser - in Process Explorer window.
> Has to be a bug?  If I catch the files running in background (as process
> under TBB), then immediately check TBB plugins status - & it's still
> disabled, how could that be?
>
> Again, the same version Flash plugin is installed in regular Fx & those
> 2 Flash files *never start in background, under it.*
>
> I (maybe) can just remove the plugin from TBB - I rarely use Flash. But
> if I keep it in regular Fx - for emergencies - I'll have to keep
> removing it in TBB.  Sometimes, I'll forget, cause I don't think of
> plugins being installed in TBB.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

