Suspected PayPal Hackers Seek Deal To Stay Out Of Prison
2 Men Arrested After Teen Was Run Over For His iPad
Keeping your OS patched isn't enough
The prevailing wisdom is that if you keep your operating system up to date with the latest security patches, and you run antivirus software, you're probably safe from malware. Unfortunately, that's just not true.
Consider yesterday's news that Trend Micro has discovered a new zero-day exploit in Adobe Reader. Who doesn't have Adobe Reader on their machine? If you have it, how careful are you about keeping it up to date? To be fair, the likelihood that you are going to try to open an infected PDF file is probably fairly small, but on the other hand, Adobe Reader is only one of probably hundreds of applications on your machine. As Mozilla recently discovered, thousands of Firefox users have potentially vulnerable older versions of Flash running on their machines.
So what's a responsible computer user to do? It's a difficult problem. Some software vendors are very responsible about pushing out updates to their software when needed. Others leave it in the user's hands. There are tools that will scan your machine and let you know when updates are available, but I'm not a big fan of these; I think users should know just what is changing on their system.
The best you can do is to be vigilant and consider your software at the same level you do the operating system when ensuring your machine is up to date. Obviously web-facing software or software that interacts with downloaded files are the biggest concern, and anything that is ubiquitous or incredibly popular, like Microsoft Office or your favorite browser.
What do you do to make sure your machine is as secure as you can make it?
[via InSecurity Complex]
Comments
22
Subscribe to commentsBebeOct 11th 2009 12:33PM
I have not heard from Adobe reader in a loooong time.
Please use Foxit reader. Is much smaller and it does the job.
asianxredneckOct 11th 2009 2:34PM
agreed!
r3loadedOct 11th 2009 3:45PM
+1. Millions of reasons to go Foxit.
LordDaManOct 12th 2009 11:07AM
++
This isn't the first huge flaw n adobe reader. in fcat evert month or so it has some other serious flaw in it. Foxit is the way to go
CrossbarOct 11th 2009 1:01PM
Secunia has a cool program that will scan your PC and make sure your programs are up to date.
http://secunia.com/vulnerability_scanning/personal/
blogwardOct 11th 2009 1:10PM
Ummm... I haven't installed or used Adobe Reader in over a year. Haven't missed it either. Adobe produces some of the worst bloatware there is.
AlbertOct 11th 2009 1:22PM
well use Ubuntu. i've been using it for years and i don't even need an antivirus software once. Millions of viruses,spywares are just NOT working on it.and if you configure your firewall for net-based attacks you will be just fine.
Still wondering why trust an OS that will have service packs lined up in a year.
der_tuxmanOct 11th 2009 1:43PM
"Who doesn't have Adobe Reader on their machine?" - I don't. It sucks.
Recently switched from Foxit Reader to PDF-Xchange. Great free tool. :-)
kittencommanderOct 11th 2009 4:32PM
I agree. Foxit is rapidly becoming bloated -- PDF-Xchange is the true alternative to PDF reader bloatware! (Has many more features than Foxit also).
der_tuxmanOct 11th 2009 4:34PM
Indeed. AFAIK it is the only (?) free PDF viewer with manipulation features.
last_man1Oct 11th 2009 2:36PM
Why anybody who actually has the ability to "update their own computer" is still using Adobe Reader is beyond me...PDF -X is the best alternative PDF reader going now it's a must have upgrade from Adobe Reader...but as usual if its popularity becomes mainstream it will be a target of hackers as well.
Corporate workers are usually locked into Adobe Reader by their system administrators who have to "test" all updates for compatibility to apps on their networks...which is why somethings just don't get patched in a timely way.
A really good set of sites to bookmark if you don't have it already done is : www.filehippo.com and also www.snapfiles.com (where you can find and download PDF - X reader and put that Adobe Reader where it really belongs in the "Recycle Bin" for good....
You have to have Adobe Flash but you choose to have Adobe Reader....and I choose to remove it from every machine I administer. Waiting for "Silverlight" to take off and get popular enough that we can chuck "Adobe Flash" as well....now granted they have (Adobe) been a great deal more concerned with getting folks to keep their Adobe Flash versions current by sending Update Messages to users which is sort of strange the first time I actually saw the update arrive.
I had to verify it first as should always be the case. But that's what they should be doing. Funny thing though is some people will "still blow it off", and risk getting exploited...due to their behavior not Adobe's.
Doron Ben ChaimOct 11th 2009 2:38PM
This is a FUD article if I've ever seen one, DS instead of just reporting that Adobe is still a pos company, maybe you should recommend some alternatives such as, Foxit or PDF-Xchange. Then keeping our OS patched is really all we need to do.
Chewy&GoOct 11th 2009 3:29PM
That's what the comments are for. I think the above commenters covered the (very well advised) alternatives quite well.
kojo87Oct 11th 2009 5:44PM
honestly i didn't even read the article. just the comments. Adobe Reader is off my machine and PDF-Xchange is installing as we speak.
i used to love Download Squad but im starting to read every article with a great amount of skepticism
JiOct 11th 2009 6:16PM
I love Sumatra PDF, and there is something about Foxit that I just don't like.
Michael PaulOct 11th 2009 8:41PM
I'm a Sumatra PDF fan also. Been using is for most of the year. Works great for me. http://blog.kowalczyk.info/software/sumatrapdf/index.html
MikeyOct 11th 2009 10:04PM
Ubuntu's package management systems maintains all system files (core system and applications alike). This really simplifies things. The application company submits there application to the repository, who then pushes it to users along with core system patches.
rokubungiOct 12th 2009 2:44AM
been using foxit for about a year and a half now I've noticed a lot of unwanted features creeping in (stop nagging me foxit!!!) it might be about time to try out pdf xchange or sumatra
now if only there were a good third party alternative for flash...
Marty K.Oct 12th 2009 3:24AM
"What do you do to make sure your machine is as secure as you can make it?"
I run Linux. ;)
ApfelgluckOct 12th 2009 4:12AM
The article is not limited to Adobe Reader! As I understand it the general idea is to stay vigilant not only regarding OS updates but applications - mainly those intensively used and mare particularly those accessing the Web - as well. It's a good thing to have this reminded.
As for Adobe Reader, I use it and have always found alternatives to be of lesser rendering quality and lacking advanced options. Also, these alternatives have had as well their lot of flaws, Foxit as well.
Last but not least, There are fashions of love and haste, and being anti-Adobe is of those, like anti-Microsoft. This attitude is relevant IMO of either childishness and/or follwers of the pack. Think free, gentlemen!