    • CommentAuthorthacker
    • CommentTimeJul 16th 2007
     
    Is it possible that SWFObject can be coded to check for the latest release of Adobe Flash Player? Since "hackers" have discovered methods to use Flash Player for exploit delivery, some method within SWFObject and the expressinstall.swf to check for the latest Adobe Flash Player would help.

    Thank you very much.
    • CommentAuthorGeoff
    • CommentTimeJul 16th 2007
     
    No, you'll just have to update the code to check for the required version each time Adobe releases a new one to fix a security hole.
    • CommentAuthorthacker
    • CommentTimeJul 16th 2007
     
    Geoff--

    Thanks.

    This is your work product and I am not bitching about it. With the overwhelming security issues that threaten the use of the 'Net', maybe a proactive security option in the SWFObject would be a good thing. As of yet, I have not seen such an option provided by Adobe.

    Again, thank you.
    • CommentAuthorAran
    • CommentTimeJul 17th 2007
     
    Thacker.

    As a web developer, I am not sure it is up to you to "protect" your users anyhow. As an example - If someone wants to use an unpatched version of windows for whatever reason, then they are entitled to :)

    All you SHOULD need to be thinking about is what major version of the player the user has to have to view your content (or minor version if you are doing cool things like hardware accelerated full screen HD video (FP 9.0.60.120). Sorry. I digress in my own excitement about beta features ....)

    The user will get an "updated flash player is available" message via the auto update functionality if they have FP 8+.
    • CommentAuthorthacker
    • CommentTimeJul 17th 2007
     
    Aran--

    It is most definitely my responsibility to provide any user who visits any Web content, that is developed by myself, an awareness to security vulnerabilities and options to either patch the vulnerability or ignore it. In the same vein, it is a responsibility to properly label all content to the ICRA [Internet Content Rating Association] classification. Perhaps, if developers and everyone within the Internet communication chain took responsibility to educate and provide awareness, the "keyboard banging script monkeys" wouldn't be making headway nor would the US Congress be considering such abortions as the Spyware Act [H.R. 1525: Internet Spyware Prevention Act of 2007].

    So, I will notify them, for example, when a vulnerability exists and is patched in a minor version release, e.g. Flash v9.0.47.0, and place a greater value on that basic function rather than upon any specific major version release or whether or not a Beta version will support High Def.

    The basics met before the circus acts.

    Thank you very much.
    • CommentAuthorphilip
    • CommentTimeJul 17th 2007
     
    thacker

    i'd have to agree with aran here. while i don't dismiss the importance of security updates and patches, people don't come to my site to get them or to be notified of their existence.

    most users are being taught quite the opposite of what you propose: don't trust security messages and download prompts from 3rd party sites. many sites aren't as morally upright as yours, and users might be tricked into downloading malware or a virus.

    i think the responsibility lies with Adobe. Flash Player's infrastructure should be engineered to (optionally) notify users whenever an important patch is available. let the application handle that stuff, because it's their mess in the first place. it's also standard procedure for most other apps (including Java), and quite frankly, with the way Adobe pesters me about updating all my other Adobe apps, i'm really surprised they aren't doing it with Flash player yet. they do it with Acrobat all the time.

    re: labeling content for ICRA, you're the first person i've ever heard talk about doing that.

    - philip
    • CommentAuthorthacker
    • CommentTimeJul 17th 2007
     
    philip--

    I agree with you completely that it is Adobe's responsibility. But, when they fail ... on whose shoulders does that responsibility fall? With Java for example, if a user has disabled the Java update, either intentionally or inadvertently, shouldn't they be notified, regardless, that it is imperative to update the Java runtime to v1.6 update 2?

    The greatest threat to any in-country operative is an aware and educated indigenous population.

    What I am saying is that if everyone gets involved, the window of opportunity shuts down pretty damn quickly.
    • CommentAuthorphilip
    • CommentTimeJul 17th 2007
     
    sounds like an argument to make Flash Player open-source. :)
    • CommentAuthorthacker
    • CommentTimeJul 17th 2007
     
    philip--

    Post Script: My original question and suggestion, I believe, has merit regarding the SWFObject. If there were a method within it that would allow the developer to have the Flash version automatically checked for the latest available update, it takes me out of the loop in having to recommend or direct the user to Adobe and it helps in ensuring that security patches become applied at the user's discretion.
    • CommentAuthorphilip
    • CommentTimeJul 17th 2007
     
    i'm not opposed to the concept, but i think it would expand SWFObject well beyond its intended scope.

    in order to check if the current player is the latest version, SWFObject would have to become 'aware' of what the latest version of Flash is. that entails either hard-coding the version number, which i doubt anyone would recommend, or creating a server interaction, which would be extremely problematic. SWFObject currently works as a stand-alone JS function. requiring SWFObject to be tied to a 3rd-party server response means (among other things) that it would become vulnerable to cross-domain scripting hacks, it would slow down the response time of the SWF embed process, and could leave people hanging if the server times out.

    i understand your suggestion, but it isn't feasible, and would introduce more problems than it solves. this is Adobe's issue.

    - philip
    • CommentAuthorthacker
    • CommentTimeJul 17th 2007
     
    Thank you, Philip.

    I understand your explanation about the impracticality for SWFObject to accomplish such a thing.

    However, until Adobe can step up to the plate, Flash vulnerability issues are also the issues for every developer.
    • CommentAuthorAran
    • CommentTimeJul 17th 2007
     
    @thacker

    You seem to have misinterpreted my original post (and the seriousness of some of the statements).

    If you want to take responsibility in communicating to your visitors of potential security risks then by all means do so. What I was trying to get across is that flash developers shouldn't necessarily feel responsible for having to do so, as it is all down to choice of the user at the end of the day.

    The hi def video comment was only there as a humorous example as to why someone would want to check for a minor build number, and I certainly wasn't suggesting that beta features have more importance over security vulnerabilities.

    You are obviously very passionate about the subject, and if you wanted to follow up with your own centralised way of setting the latest release of the player then that is great.

    One way to do it would be to have an XML file on your server (in which you set the latest build for each version of the player). Every page which has flash content makes a server call and determines what is the latest build for the flash player version required (8.0.35 for FP 8, 9.0.47 for FP9 etc) and then dynamically writes the build string into the version param for SWFObject.

    This is very similar to how expressInstall works - there is an xml file on Adobe.com which is read as to what to install to the users browser.

    Cheers,
    Aran
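
The manifest approach Aran describes, as an added example that is not code from this thread or from SWFObject: it reads a same-origin XML manifest, accepts only strictly formatted build strings, and falls back to the hard-coded major version when the fetch fails or the response is malformed, which covers the timeout concern philip raises. The manifest layout (`players`/`player`, `major`, `build`) and all function names are assumptions.

```javascript
// Constructed sample manifest; element and attribute names are assumptions.
// Build numbers are the ones quoted in the thread.
const SAMPLE_MANIFEST = `<?xml version="1.0"?>
<players>
  <player major="8" build="8.0.35"/>
  <player major="9" build="9.0.47"/>
</players>`;

// Only dotted numeric versions are ever accepted from the manifest,
// so an unexpected response cannot put arbitrary text into the page.
const VERSION_RE = /^\d{1,3}(?:\.\d{1,5}){0,3}$/;

// Parse the manifest into a Map of major version -> latest build string.
// Entries with a malformed or mismatched build string are skipped.
function parseManifest(xml) {
  const builds = new Map();
  if (typeof xml !== "string") return builds; // fetch failed or timed out
  const entry = /<player\s+major="(\d{1,3})"\s+build="([^"]*)"\s*\/>/g;
  for (const [, major, build] of xml.matchAll(entry)) {
    if (VERSION_RE.test(build) && build.split(".")[0] === major) {
      builds.set(Number(major), build);
    }
  }
  return builds;
}

// Numeric, component-wise comparison; missing components count as 0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff < 0 ? -1 : 1;
  }
  return 0;
}

// Version string to hand to SWFObject's version parameter.
// `fallback` is the hard-coded value the page would use without a manifest.
function requiredVersion(xml, major, fallback) {
  return parseManifest(xml).get(major) || fallback;
}

// True when the installed player is older than the required build.
function needsUpdate(installed, required) {
  return compareVersions(installed, required) < 0;
}
```

The page passes the result of `requiredVersion` as the version argument when it builds the SWFObject embed, with the manifest text fetched from its own server under a short timeout and `null` passed on failure.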
    • CommentAuthorthacker
    • CommentTimeJul 17th 2007
     
    Aran---

    Thank you, Aran. Now, that is a viable solution. It is this type of collaboration that helps me, you, Adobe, the entire development community and, ultimately, the end user.

    I really appreciate your time and thought. Again, thank you very much.