Evidence of Adobe Flash…

So Adobe Flash is officially dead now (or will be in a few days…I just know its not getting any more updates).

The question is, how to ENSURE its gone. We both know, people will keep using it if its still there. Besides using automated tools to rip it off desktops, how can we be relatively sure about that.

I started thinking about this.

  • Scanning systems with a tool that has the ability to see it (for example a Vulnerability Scanner SHOULD show it as an EOL product that is a risk)
  • Web Proxy data – Look to see if anyone is accessing a SWF or FLA file. I believe those are pretty much flash exclusive (yes I know other tools can use them)

What other ideas do you have for checking for Flash on machines? I am sure the people reading this blog would love to hear about your thoughts.