Suspected PayPal Hackers Seek Deal To Stay Out Of Prison
Did A Google Earth Mistake Cause A Couple's Brutal Murder?
Adobe finally ready to make Reader, Acrobat updates mandatory
Currently in beta testing is the Adobe Refresh Manager which will handle automatic update duties for both products. According to Brad Arkin, Adobe's chief of security and privacy, the current system just isn't working the way it should.
Why not? Because it allows choice. An end user who doesn't want to be bothered with an update can simply click the alert away and go about his or her business. That leaves the app unpatched and open to exploits. And since there's no point at which the update becomes required, users can click warnings away for months -- or even years, as I've seen on plenty of computers.
While this might not be the best solution to the Acrobat security problem, it will at least ensure that end users are running the latest (and hopefully most bulletproof) versions.
Of course, there's a slight problem with being mostly bulletproof...
[via PC World]
Comments
11
Subscribe to commentsRayJan 6th 2010 11:01AM
"Of course, there's a slight problem with being mostly bulletproof..."
BOOM. Headshot!
r3loadedJan 6th 2010 11:21AM
Lol, the bulletproof comment reminded me of a Pink Panther cartoon scene where the inspector is chasing a motorcycle gang.
*inspector shoots at gang leader's tyres*
A: "Haha copper, I have bulletproof tyres!"
*gang leader shoots back*
B: "To you too wise guy, my tyres are also bulletproof"
*gang leader shoots again*
B: "Unfortunately, ze rest of my car was not bulletproof..."
techpopsJan 6th 2010 11:29AM
I'm so glad I ditched Adobe Reader a long time ago. It's a real POS.
A little bird told me that part of the reason for compulsory updates is so Adobe can keep an eye on other Adobe software installed on a users system. Using the reader as a kind of trojan horse to get in and send back information about the keys to Adobe apps like Photoshop. This is of course just a rumour, one I may, or may not have started.
Here's a typical user case scenario for the viewing of a PDF document. User gets out of bed. User wants to read PDF's, has heard Adobe Reader will do that. User goes to download it and instead of getting the download, first has to go through installing a new download system. After lunch user finally has the 16 gigabyte install for the reader software done, along with some extra software they didn't ask for. User goes to read PDF document but now there are updates, these are important security updates. User believes they must have these. After dinner user tries again to read the PDF document and the crowd goes wild, he shoots, he succeeds!
Cue Jingle
|At Adobe Dynamics, we make simple tasks stupidly hard, because we can.
Synergy6Jan 6th 2010 11:32AM
Will this only make security updates mandatory, or all 'feature' updates as well? ('Feature' is Reader-land meaning 'increased bloat for zero useful gain')
Gardiner WestboundJan 6th 2010 11:37AM
Got tired of Adobe nonsense. Switched to Foxit Phantom. This latest news makes me glad I did.
nobody2youJan 6th 2010 12:33PM
I'll just reverse engineer their crap and use it anyway. if i don't want to upgrade that's my choice to make and not theirs. if they did'nt make crap they would'nt have to patch it every week.
just my 2cents
gantderisingJan 6th 2010 1:33PM
exactly.
Jon NiolaJan 6th 2010 2:46PM
They need to do something with the Flash plugin too. It is one of the top attack vectors on un-patched machines.
DavidJan 6th 2010 8:28PM
I would prefer they threw the extra effort into making their software less vulnerable, but that's just crazy, I know...
RyanJan 7th 2010 2:01AM
I've already disabled Adobe ARM in msconfig on my work machine. we use Adobe Professional and don't allow automatic updates. I use FoxIt at home.
RJan 8th 2010 1:19AM
I don't know what genius at Adobe thought it would be a good idea to be able to run javascript in a PDF to begin with.
Funny thing is, you can still obtain older versions of Reader from the Adobe website. Get em while they're still there. The newest version of Reader incorporates Adobe Air, and it's like a 37MB+ download. Sheesh.