It sounds like you're talking about going to a site, where upon access, a new tab opens in your browser with a message instructing you to update Flash Player.
If it's a legitimate, widely trafficked website, I'd take a look at your router. It's possible for the router to get infected by malware that can inject content into legitimate pages. Power-cycling the router should temporarily clean out this kind of infection (they generally don't persist through a reboot), and you should then update the router's firmware to prevent re-infection.
If the problem is on a sketchy or low-budget website, it's possible that they're either running malicious ads, or the website itself is infected. Buying and running malicious ads is a popular strategy, since as an attacker, the website will happily just put your malicious content there for you. The major players (websites and ad networks) do a good job looking for and preventing that kind of stuff, but smaller players have less resources and expertise at their disposal. If it's specific to a particular website, I'd just avoid that website and/or complain to the site maintainers.
That said, it might be innocent misbehavior (see my big caveat about how to safely install software below). Most browsers disable Flash Player by default, and you may need to take some steps to enable it. The website may be making assumptions about a world where Flash Player was guaranteed to run when installed, and might just be helpfully giving you bad advice. In that instance, they need to update their website.
You can find instructions for enabling Flash Player in your browser here:
Flash Player Help
Here's the big caveat. DON'T DOWNLOAD AND INSTALL SOFTWARE FROM POP-UPS.
Unfortunately, because Flash Player is installed on billions of computers, it's a common target for impersonation for people distributing malware.
As an industry, we've done a pretty good job of defending against technical attacks that allow bad guys to install software without your authorization. In 2018, it's really difficult to do (assuming you're running a modern operating system and not something from 2005, in which case, you should get on that).
The result is that human factors are now the path of least resistance. It's easier to trick you into installing something on behalf of the attacker, vs. figuring out how to defeat all of the security stuff required to do it without your express permission.
In general, you're better off setting everything to update automatically. You can then go through life assuming that any update notifications you get are bogus. This is actually what we strongly recommend, and it generally applies to anything tasked with handing untrusted communication (the operating system, your web browser, flash player, etc.).
The inconvenience of something functional breaking because of an update pales in comparison to the pain of recovering from identity theft.
Here are a few guidelines that will minimize your risk of getting tricked into installing malware:
- Wherever possible, use your operating system's App Store for downloading and updating software
- When software you want (like Flash Player) isn't available from the App Store for your operating system, always navigate directly to the vendor's website. If you need to search for the download, that's cool -- but avoid "download" sites, and find the vendor's actual download link
- Never download stuff from a link in an email or update dialog. Type it in. It's easy to disguise fake URLs in links using internationalized characters and things (e is not the same as è, but it might be really easy to miss if you're not looking closely). If it's a link from a URL shortener service like tinyurl.com/abcde or bit.ly/abcde, you don't know what the end result is going to be, and you're probably wise to just head to Google to find what you need instead.
- When the software offers automatic updates, just turn them on and stop worrying about maintaining all the moving parts running on your computer. The threat landscape is so much different than it was 10-15 years ago. Enable updates so that you're getting critical patches as soon as they become available. Be confident that any subsequent update notifications are probably fake, and act accordingly (either ignore them, or consult the vendor for guidance before doing anything).
- Also, reboot your computer once in a while to ensure that those patches are actually getting employed. (If you never exit your browser, you can update the bits on the hard disk all day, but the instances of the program running in memory is the one that matters.)
For Flash Player specifically:
Always download Flash Player from here: https://get.adobe.com/flashplayer/
When you install, choose the default option of "Allow Adobe to Install Updates (recommended)", and we'll keep it updated for you.
Google Chrome ships Flash Player as a built-in component, and keeps it updated automatically. There's nothing separate to download, install or configure.
Microsoft Edge and Internet Explorer on Windows 8 and higher also include Flash Player as a built-in component of their browser, and updates are handled automatically through Windows Update. Again, as long as Windows Update is enabled, there's nothing to download or configure.
Hope that helps!
2
Replies
AdChoices