One of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe Flash is to enable “Click to Play”.
Click-to-Play prevents Flash elements from being rendered in your browser unless you give specific permission by (you guessed it) clicking.
Enabling Click-to-Play for Flash in Internet Explorer
Click the gear icon on Internet Explorer’s toolbar and select Manage Add-ons.
Select Toolbars and Extensions, and choose Show All add-ons. Locate the Shockwave Flash Object plugin under Adobe Systems Incorporated. Double-click on it, and then click Remove All Sites to remove the default * (which allows all websites to run Flash).
Enabling Click-to-Play for Flash in Firefox
The simplest method is to install the Flashblock add-on.
Alternatively, Type about:addons in your browser bar (where you normally type in website addresses). Press <return>. Click on Plugins. Find “Shockwave Flash” in the light of plugins, and choose Ask to Activate in the dropdown box.
Enabling Click-to-Play for Flash in Opera
Click the Opera menu button, choose Settings, and select Websites. Enable the Click to play option under Plug-ins.
Enabling Click-to-Play for Flash in Safari
Your first option is to install a Safari extension.
If, however, you prefer to only block Flash, try its sister extension the imaginatively-named ClickToFlash.
Alternatively, for a solution which involves no extensions, go to the Preferences pane in Safari, and select the Security icon. Manage Website Settings to the right of Internet plug-ins.
Select the Flash plugin from the list, click the When visiting other websites box, and select Ask.
Enabling Click-to-Play for Flash in Google Chrome
Click Chrome’s menu button and select Settings to open the Settings page. Click Show advanced settings, click Content settings under Privacy, scroll down to Plug-ins, and select Let me choose when to run plug-in content.
Please note that you need to check the plugins page (chrome://plugins) to make sure no plugins are configured to run automatically. Read Michael Horowitz’s excellent article for ComputerWorld for more details of this.
Of course, it goes without saying, that when Adobe does release a fixed version of Flash be sure to install it at your earliest opportunity. (And make sure you get it from Adobe’s own website, rather than scammers who might be trying to fool you into thinking you’re downloading the real deal)
Stay safe folks.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.