Detecting Shockwave

Adobe updated their Shockwave Player yesterday to correct critical security flaws. Shockwave version 11.6.4.634 is buggy, as are earlier versions. The current safe version, on both Windows and OS X is 11.6.5.635.

Since Shockwave can be embedded in a web page, it is especially important to keep an installed copy of the software up to date.

To that end, Adobe has a tester page

www.adobe.com/shockwave/welcome/ 

that reports on the currently installed version of the Shockwave Player. This is what Windows users can expect at that page.

If the Shockwave Player is not installed, Chrome 18 tries to download a file called dir.dcr (below). Depending on how the browser is configured, it may download automatically or it may prompt for a folder to store the file. All in all, not very useful.

shockwave_install_chrome18.jpg

If Shockwave is not installed, Firefox 12 displays a yellow bar at top of the web page window stating that "Additional plugins are required to display all the media on this page". Next to this message is  a button to install the missing plugin.

shockwave_install_ff12.jpg

Clicking the button causes Firefox to try and install the Adobe Shockwave Player version 11.6.4.634. Fortunately, since this is a buggy, vulnerable version of Shockwave, the installation fails.

shockwave_ff_install_failed.jpg

This gives Firefox 12 a trifecta, at least on Windows. It fails to auto-install Flash, Java and Shockwave.

When Shockwave is not installed, Internet Explorer 8 prompts to install version 11.6. Which version of version 11.6, it doesn't say. And, it really should say, because 11.6.4 is bad while 11.6.5 is good.

shockwave_install_ie.jpg

I let it proceed and was then greeted by an ad for Norton Internet Security.

shockwave_ie_installing_ad.jpg

After declining the offer, Internet Explorer succeeded in installing the latest and greatest edition of the Shockwave Player (below). For some reason, the version is reported as 11.6.5r635 rather than 11.6.5.635, which is how Adobe refers to it in the security advisory.

shockwave_installed.jpg

After IE installed Shockwave, viewing the Adobe tester page in Firefox also reported that Shockwave was installed (so its not like Flash with different versions for different browsers).

And, Chrome continues to prove that it's the best browser for Defensive Computing.

Before running the Shockwave applet (is that the right word?) in the Adobe tester page, it asks for permission (below). Neither IE or Firefox do this. 

shockwave_installed_chrome_warns.jpg

This, by the way, is exactly how Chrome treats Java applets. Thank you Google.

If you find that the Shockwave Player is already installed, rather than updating to the latest version, you may want to try living without it.

If you need Shockwave, the latest version can be downloaded at  get.adobe.com/shockwave.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies