Adobe Chided For Insecure Acrobat Reader 179
The Register covers security firm Secunia calling out Adobe for its insecure distribution practices with regard to Adobe Reader. (Here is Secunia's note.) The accusation is that the way Adobe provides Reader extends the software's window of vulnerability once an exploit has begun to circulate. Version 9.1 of Reader, which is what you get when you visit the official download site, contains 10 vulnerabilities that were patched by later releases. "Adobe Systems has been taken to task for offering outdated software on its downloads page that contains dozens of security vulnerabilities, several of which are already being exploited in the wild... Visitors who obtain Adobe Reader from the company's official downloads page will find that it installs version 9.1 of the program on their computers, even though the most recent version was 9.1.2 at time of writing. That could put users at considerable peril given the number of vulnerabilities fixed in the two iterations that have come since 9.1, complains Secunia..."
What? (Score:5, Funny)
There's a version without vulnerabilities?
Re:Who the heck still uses Acrobat Reader? (Score:4, Funny)
Who the heck still uses Acrobat Reader?
Anyone who needs to do more with a PDF than simply read it.
Re:What? (Score:5, Funny)
There's a version without vulnerabilities?
Yeah, the experimental branch called Foxit Reader. I heard it's a lot faster, too.
Re:Who the heck still uses Acrobat Reader? (Score:2, Funny)
> you'll need to download Adobe Reader [insert link] if you want to view it"
If the webmaster had ever watched an end user try to use a computer, he'd Stop Doing That.
Almost universally, the end user does not understand the above paragraph. He gets as far as the link to Acrobat Reader, clicks it (even though of course his computer already has Acrobat Reader; but he doesn't know that, because he doesn't even know what it means), and expects to immediately see the content he's looking for (even though he hasn't clicked, or even noticed, the link to the actual document; generally he thinks the download link he just clicked *is* the document). If he's lucky, at this point, the web browser downloads Yet Another Copy of the Adobe installer and puts it in the default download folder (probably the desktop, unless the computer's been worked over by a competent computer geek at some point). At this point the user has absolutely no idea why the document isn't opening, so he tries again. And again. I've never EVER seen an end user's default download folder with fewer than three copies of the Adobe installer, and six or eight is more common. Eventually, depending on what kind of person the user is, he either gives up (this is the most common outcome) or seeks help from someone he thinks is a computer expert. If he's lucky, his "computer expert" actually understands enough about computers to help him, but at least half the time it's somebody just as clueless as he is (albeit more confident), and they tell him his computer has a virus, which confirms what he suspected anyhow.
Re:What? (Score:4, Funny)
Gesundheit.
Re:Huh? (Score:4, Funny)
MSFT would spend the next decade in court for refusing to allow crapware into the repository. So sorry, it just wouldn't work.
Must.. resist... urge... to... make... joke... about... MS.. and.. courts... and... crapware
Must... try.... to.....make.....up ..something....funny...but...i'm..not..able...to...so..i'll..just ...pretend ...that... i ...dont... want.. to..