Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security OS X Software The Almighty Buck Upgrades IT

Adobe Introduces the Paid Security Fix 392

Posted by timothy
from the sure-would-be-a-shame-if-somethin'-was-ta-happen dept.
Nimey writes "Adobe has posted a security bulletin for Photoshop CS5 for Windows and OSX. It seems there is a critical security hole that will allow attackers to execute arbitrary code in the context of the user running the affected application. Adobe's fix? You need to pay to upgrade to Photoshop CS6. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources."
This discussion has been archived. No new comments can be posted.

Adobe Introduces the Paid Security Fix

Comments Filter:
  • What a scam (Score:5, Insightful)

    by StillNeedMoreCoffee (123989) on Thursday May 10, 2012 @04:46PM (#39959743)

    I can see it now, all software vendors are going to introduce security flaws or wait until one is discovered to release the next paid upgrade release.

    I think a class action suit is in order for all the holders of the older version. It their software causes a security hole and if one person gets hammered by it then like the car companies having to recall and fix cars, software vendors will have to do likewise.

    Are you listening Adobe.

    • Sure, except to use the software you agreed to the EULA where Adobe disclaimed themselves against any such defects. Good luck with that.

      • by geekoid (135745)

        I would love to see it.
        Adobe made a defective product. A recall should happen.

      • Re:What a scam (Score:4, Insightful)

        by Jane Q. Public (1010737) on Thursday May 10, 2012 @06:32PM (#39960891)

        "Sure, except to use the software you agreed to the EULA where Adobe disclaimed themselves against any such defects. Good luck with that."

        They might in fact have good luck with that. The fact that something in the EULA doesn't make it law. Or even valid.

        For example, some states have laws saying that if you sell a product intended for a particular purpose, there is an implied warranty that the product is fit for that purpose... no matter what kind of disclaimer the seller puts on it.

        Don't mistake EULAs and Limited Warranties for law. Corporate lawyers don't necessarily put valid stuff in there. On the contrary: what they include are things they'd like you to believe, and that they HOPE they can convince a judge of, if it ever goes to court. And in some cases they even include stuff that they KNOW won't stand up in court.

    • by Grishnakh (216268)

      No one's going to get killed if their PC gets pwned by malware in an image file. It's not like elevator control systems (see nearby Slashdot article) are running Photoshop. I don't see how they have any responsibility at all to even bother making their software secure. If you don't like it, don't buy their products.

      • by cpu6502 (1960974)

        Why not? Sony got in trouble for damaging people's PCs (making them unbootable or breaking installed software). Let's put Adobe in a courtroom too.

        Of course Adobe could argue other companies do it. Apple and Microsoft do it when they stop filling holes in their old OSes, and tell you to upgrade to OS 10.7 or Win7. Mozilla does it when they abandon Firefox 4 or seaMonkey 2.0 and say, "You're on your own."

    • Re:What a scam (Score:5, Interesting)

      by aaronb1138 (2035478) on Thursday May 10, 2012 @05:44PM (#39960375)

      I just go with a policy of buying new copies of software every several versions. If I need a feature or bug fix from a version in between buying cycles, I have no moral issues obtaining an upgrade through alternate channels.

      Pretty much the way I look at it is, if I buy a product with a manufacturer defect, there should be no limitations on my ability to obtain a refund for the product. In the case of software, I don't find it unreasonable to skip past the unreasonable methods I would need to pursue to obtain a refund and purchase a fixed version.

      Lemon laws don't exist to protect consumers from the idea that an automobile is a failure, but rather to prevent consumers from being burdened by unreasonable processes for obtaining a working automobile pursuant to the arrangements they made at purchase.

      Also, no one should ever feel respect or bound to an EULA. The practice itself is inherently outside of common and established legal practices. If I were presented the license at the time of purchase, prior to paying, I might be able to respect it. Based on the concept of the EULA, I could have my PC pass a counter EULA to the installer or e-mailed to the vendor which outlined my requirements of their software in order to occupy space on my hard drive. If the installer continues, can I not consider their consent to be implied.

      It's the same reason, no one thinks twice about installing an ad-block on their browser. They have a right to control what content runs and executes on their computing device. I've voiced the opinion for quite some time that advertisements which attempt to get around ad-blocking actually constitute violations of most computer hacking laws (use of processing time on a computing system without authorization).

  • Ugh (Score:3, Informative)

    by bonch (38532) * on Thursday May 10, 2012 @04:46PM (#39959747)

    If this was a years-old version, I'd understand, but CS5 was the latest version until literally days ago!

    • Re:Ugh (Score:4, Insightful)

      by HarrySquatter (1698416) on Thursday May 10, 2012 @04:52PM (#39959823)

      No, CS 5.5 was the latest version before 6. And considering CS5 came out April of 2010 it technically is a 'years-old version'. Still a scam, though.

    • Re: (Score:2, Interesting)

      by turbidostato (878842)

      "If this was a years-old version, I'd understand"

      Well, I don't.

      If it's a years old version and *yet* after years of pushing security and bugfixes there're still more, it can only mean that the product they sold was basically cow shit and they deserve what it takes to protect it.

      You don't want to push security updates forever? Damn easy: just don't push away shitty software.

  • Car analogy (Score:3, Funny)

    by TheMeuge (645043) on Thursday May 10, 2012 @04:46PM (#39959751)

    This is akin to buying a 2010 Chevy (under warranty), then finding out that the brakes catch on fire under certain circumstances, and the company's suggestion: buy a 2012.

    • This is a terrible analogy. First of all, software doesn't come with a warranty. In fact don't most (or all) EULA's specifically say there is NO warranty, explicit or implied, that makes them liable for damages of any sort?

      Also, if the "certain circumstances" for your brakes catching fire are "you don't know how to drive properly", that changes things, right?

      • by geekoid (135745)

        oh, well a EULA. stop the presses.

      • "In fact don't most (or all) EULA's specifically say there is NO warranty, explicit or implied, that makes them liable for damages of any sort?"

        Yes, so they say.

        And for the same price they could say you owe them your firstborn.

        They saying what they want doesn't make it automatically legally bonding, didn't you know it?

      • by vux984 (928602)

        First of all, software doesn't come with a warranty. In fact don't most (or all) EULA's specifically say there is NO warranty, explicit or implied, that makes them liable for damages of any sort?

        This is the basic approach:

        We provide no warranty:

        COMPANY PROVIDES NO REMEDIES OR WARRANTIES, WHETHER EXPRESS OR IMPLIED, FOR THE SOFTWARE.

        We try and get out of any warranty that you might get from consumer protection laws by explicitly decaring its sold "as-is" and that we don't represent that its "merchantable" or

    • by exomondo (1725132)

      This is akin to buying a 2010 Chevy (under warranty), then finding out that the brakes catch on fire under certain circumstances, and the company's suggestion: buy a 2012.

      Your Adobe CS suite is under warranty and they are denying you a fix?

  • Be a shame if something bad happened to it...

    Wow... Actually sounds like our medical system. And just about every other "system" we have. Cars, houses, etc...

    Wow, now that I think about it, that sucks.

    Blech.

  • Fuck you, Adobe! (Score:5, Interesting)

    by Narcocide (102829) on Thursday May 10, 2012 @04:47PM (#39959769) Homepage

    Since I can't mod Adobe "-1 flamebait" I'll just say it again. Fuck you, Adobe! I'd like to go on record as stating that you should all be ashamed of yourselves.

    • Re:Fuck you, Adobe! (Score:5, Interesting)

      by Bodhammer (559311) on Thursday May 10, 2012 @04:51PM (#39959813)
      Bump for agreement. Blow me Adobe...
    • by Grishnakh (216268)

      I think it's great, and I hope more proprietary software vendors choose this method of dealing with security problems. If you don't like it, you're free to not buy their products.

      I don't have this problem with GIMP or various other open-source products I use.

      • You also can't accomplish the same things on-budget and on-timeline with GIMP that you can with the full CS suite.

        While I'm mightily annoyed with Adobe for how they handle bugfixes, the sheer size of their product means that a proper QA cycle would last them almost as long as their point release cycle. I don't really think there's any good solution -- the open source suites are too disjointed and just don't cut it still for most professional work (this is true... GIMP is really good at what it does, but it's a lossy image editing program, not part of a DTP workflow), and spending the time to create bugfixes and then QA them properly for previous versions of CS would just cost Adobe too much money, more than they'd be able to pass on to the consumer.

    • by Sycraft-fu (314770) on Thursday May 10, 2012 @05:56PM (#39960469)

      CS6 just launched and I mean JUST. It shipped on May 7th. So this isn't a case of an old version where Adobe is saying "Look guys, we are discontinuing support, have to buy the new one if you want it." The "old" version is only "old" by 3 days now.

  • Interesting enough, the CS collections aren't listed on Adobe's products and Enterprise Technical Support Lifecycle Policy.
    • That's because their Lifecycle policy is approximately: "Fuck you." They'll support a version up until around the time a new version is getting ready to go, then they stop and only deal with the new version.

  • by warren.oates (925589) on Thursday May 10, 2012 @04:55PM (#39959869)
    Seriously. This is why people download pirated versions. Even if you have a paid version of something, the damned thing "phones home" every time you launch it, the bozos are so paranoid. You can disable this in /etc/hosts, but it's still indicative of greedy grubbing stupidity. If they charged a third of the price, they'd sell 3 times more copies. Look what Apple did with FCP -- they made it affordable (yes, I've read the complaints, but it works fine).
  • by TubeSteak (669689) on Thursday May 10, 2012 @04:57PM (#39959893) Journal

    "Just released, and coming in at 370 MB in size, the Mac OS X 10.7.4 update includes general OS fixes, and addresses more than 30 security vulnerabilities. But aside from typical security fixes, Apple has made an interesting move in an effort to protect users. Through this latest software update, Safari 5.1.7 will now automatically disable older â" and typically more vulnerable â" versions of the Adobe Flash player. While many software vendors would prefer OS makers to keep their hands off their software, the move appears to be welcomed by Adobe, which has constantly battled vulnerabilities in its widely installed Flash Player."

    Maybe Apple should disable Photoshop CS5 as well?

    • by Guppy06 (410832)

      If Apple automatically disabled the latest versions of Flash Player as well, I'd actually buy one.

  • by SmallFurryCreature (593017) on Thursday May 10, 2012 @05:04PM (#39959971) Journal

    There is an old story I will retell that should serve as a warning for all customers.

    Once upon a time, there was a transport company employee charged with replacing a large segment of the companies trucks made by Volvo. The employee, being a bright individual called up a sales clerk from Ford that had been trying to get a foot in the door and asked him to send three Ford trucks for testing. The day the Volvo sales clerk came to make discuss the purchase of new Volvo trucks, these three Ford trucks happened to be parked on the lot. When the trucking company employee saw the Volvo sales clerk glance at them, he said "Yeah, the boss has been looking them, he seems to think they are an alternative worth looking into. But that is for later, lets discuss the deal you were going to offer us".

    In another company far far away, an CTO who loved IBM hardware knew it was time to discuss the purchase of new hardware, so he ordered an underling to set up a trial project with HP servers, just to see what the competition was doing. When the IBM man came by he of course showed him the workfloor including the corner where the junior was working on those shiny new HP servers, "Got to give the kids their toys to play with " the CTO told the IBM sales clerk. "Btw, what was the price you were going to ask for again".

    But in the dark and damp lands of Mordor, a very different tale was playing out. There the CTO invited the MS and Abobe sales clerk and proudly showed them how his entire business depended completely on their software product and how not only did they need the software to work flawlessly or they would be bankrupt in seconds, all the staff could only use the latest software and their customers demanded that they use the latest software. "BTW", The CTO asked, "what was that deal you wanted me to sign in my own blood again while bending over"? And there was much rejoicing among the Tribes of MS and Abobe, for they knew exactly who was calling the shots. One lockin to rule them all and in Eula bind them. For the users of MS and Abobe where greedy and feeble minded and could not break free of the spell.

    ---

    Really, this is nothing new. In the land of NAS and control systems, this is par de course. You let a supplier control you, control you they will. Want to break free? Good luck, your company needs the new version, license or risk being unable to produce so you hand them the cash and lock yourself in just a little bit more.

    Not a SINGLE Photoshop user will invest in his own freedom by making sure there are alternative methods to do his production. They will grind their teeth buy the latest version and invest yet more to make sure their production is entirely locked into Adobe clutches.

    Cue countless protests about how there are no alternatives... no, there are none because any who dares to try is ridiculed for not instantly producting a 100% compatible product for free because freedom should be free of effort and cost.

    You gave Adobe the control, enjoy it.

    It is not as if you are alone. Governments often dictate that procurement must be regulated, meaning that once a procurement contract has been done, all interest in customer satisfaction goes out the window because the contract is fixed, can't be ended and renewal depends solely on the price offered (not charged) so fuck you peon.

    I seen it to often in other industries, entire production line depended on one type of machine, fired your own maintenance team and anyone who could switch them out with other hardware. Goes, the "extra" charges sure went up a lot didn't they? Suddenly maintenance must be done by their certified team, at weekend charges.

    Lockin, avoid it or pay the price.

    • by geekoid (135745)

      " can't be ended and renewal depends solely on the price offered (not charged) so fuck you peon."
      not true. A government agency can put out a request for a bid on something else.

    • by bws111 (1216812)

      Did it ever occur to you that people may value things differently?

      Maybe Photoshop users enjoy the freedom being able to hire any artist without special training. Maybe they enjoy the freedom to be able to go to any art school, photography school, community college, or vo-tec program and get quality training on the product. Maybe they enjoy the freedom to get a job at any professional shop that does graphics work. Maybe they enjoy the freedom of being able to send files to and from their clients. Maybe t

  • When I was a teenager, I knew that I wanted to be a software developer. I thought one of the coolest jobs would be to work at Adobe. How amazing would it be to add improvements to software used by famous graphic artists and video studios all over the world?

    Now, I'm glad that I never even attempted to work there. They've become known for security holes all over the place in Flash and Acrobat, glacial pace of development, one poor design decision after the other, and no shortage of performance issues.
  • I made the switch to the Gimp years ago. I got tired of pirating Photoshop. Then, when I switched to Linux, Photoshop doesn't run on Linux. Lo and behold, Gimp is an easy install, and I learned that. Now that I've switched to Mac (for the desktop), I still use Gimp. Ooh, and there's a new version out, and the development version handles high-bit images!
     
      gimp.org [gimp.org]

  • or maybe it was the last week of February. That's a mighty short support cycle for an expensive product. Perhaps a class action would be nice.

    (note: I did not pay retail, but having essentially a 3 month supported period on a major software suite is pretty crappy)

  • Suckers. (Score:5, Insightful)

    by loshwomp (468955) on Thursday May 10, 2012 @05:19PM (#39960131)

    Adobe's fix? You need to pay to upgrade [from CS5] to Photoshop CS6.

    Ah yes, I would be delighted to buy more software from you, since it worked out so well last time around.

  • by greenreaper (205818) on Thursday May 10, 2012 @05:21PM (#39960151) Homepage Journal
    This is especially egregious since according to the researcher's announcement [protekresearchlab.com], Adobe has been sitting on this bug since last September. Users of CS5 should demand a patch.
  • by Un pobre guey (593801) on Thursday May 10, 2012 @07:38PM (#39961589) Homepage
    As I said before [slashdot.org] (received with the standard mockery and excuses), it's hard to empathize with Windows or Adobe users. You know you're buying a paid service. You know they're in it for the money. They aren't your friends or your Mommy or your guardian angel. You give them money, they give you a license to use their product for a while, with premium services at extra cost. It's all in the EULA. You did read it, didn't you?
  • by bryan1945 (301828) on Thursday May 10, 2012 @08:16PM (#39961931) Journal

    That's news.

    • Businesses pay for Photoshop because home users (future employees) grow up using the pirated version at home. Adobe profits from piracy of Photoshop by home users.

      This factoid has been published in the press, and is attributed either to someone from Adobe, or to someone doing a study on the subject.

Our policy is, when in doubt, do the right thing. -- Roy L. Ash, ex-president, Litton Industries

Working...