In this hot question on Gaming, the asker wants to know how to continue playing FarmVille. Answers and comments exlpain ways to do so, but no one currently has a solution that seems safe to me.
Someone mentioned VMs and emulators, but I’m not convinced this wouldn’t still compromise the host machine.
Assuming the Flash game (or whatever Flash object) you want isn’t archived in a safe way, is there a way to setup a system to safely use Flash?
Flash itself reaches end of life at Dec 31, 2020. It's an old technology which has suffered from numerous security issues, and as such I see no reason that new security issues won't be found in the future. So, I would consider flash to be unsafe to use. The only way you can "safely" use an unsafe technology (especially one which has known vulnerabilities which will never be patched) is to contain any breaches. The best way to do this is by using a virtual machine, or by using a dedicated machine which is segmented from the rest of your internal network.
I am not sure why you are wary of using a VM. If an attacker were to compromise your VM by exploiting flash, they would then have to break out of the VM sandbox to compromise your host. Is this impossible? I'm sure it's not. However if you are using a supported VM at its latest version, the attacker is going to need to have access to a 0-day (or 1-day) exploit, and I'm sorry but I have my doubts they would burn a valuable sandbox escape on someone like you, who is just looking to play FarmVille. There are bigger fish to fry.
Besides, like I said, the only way you can use a vulnerable program "safely" is to contain a breach when it happens. VMs are the best way to do this. If you have questions about VM safety, I would ask another question specifically about that.
The main security issues with Flash come from the execution of code explicitly designed to exploit the system. The main mitigation measures are thus to only execute known good code from trusted sources or to reduce the harm a successful exploit might do.
If the Flash object is for example fully in the users control (i.e. local disk, DVD etc) then it is sufficiently safe to execute it on a normal system. One must make sure though that it will not accidentally execute any other Flash objects from potentially untrusted sources. This might happen for example when saving Flash content from the internet, plugging in a data medium from an untrusted source or similar. So it might better be some kind of isolated system which is used only for very specific tasks.
If there is a chance that Flash content could be executed from untrusted sources (and any source on the internet should be considered untrusted, since it might have been hacked) then it should only be executed inside some very restricted environment. This can be for example a virtual machine, dedicated for this purpose. In theory it is possible that an exploit not only affects the system inside the OS but can actually break out of the virtual machine. But in practice this is very unlikely unless one is specifically targeted by a powerful enemy. It is still possible though that the attacker tries to connect from inside the local machine to other systems on the local network or to the router for further exploits. Such dangerous interactions with local systems can be prevented by firewall rules outside the VM. Additionally it is a good idea to make a snapshot of the VM before running the Flash object the first time and to regularly reset the VM back to this initial state to defend against attacks which try to persist.
