Adobe Introduces the Paid Security Fix 392
Nimey writes "Adobe has posted a security bulletin for Photoshop CS5 for Windows and OSX. It seems there is a critical security hole that will allow attackers to execute arbitrary code in the context of the user running the affected application. Adobe's fix? You need to pay to upgrade to Photoshop CS6. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources."
What a scam (Score:5, Insightful)
I can see it now, all software vendors are going to introduce security flaws or wait until one is discovered to release the next paid upgrade release.
I think a class action suit is in order for all the holders of the older version. It their software causes a security hole and if one person gets hammered by it then like the car companies having to recall and fix cars, software vendors will have to do likewise.
Are you listening Adobe.
Re:Ugh (Score:4, Insightful)
No, CS 5.5 was the latest version before 6. And considering CS5 came out April of 2010 it technically is a 'years-old version'. Still a scam, though.
Call it the /. method (Score:5, Insightful)
And they wonder why there's so much piracy ... (Score:3, Insightful)
Re:Glad I'm using the GIMP... (Score:5, Insightful)
Re:Call it the Microsoft method (Score:3, Insightful)
Re:Call it the Microsoft method (Score:5, Insightful)
Three orders of magnitude is very large in real life.
Windows 7 Ultimate: $200
Photoshop CS6: $700
Oh yeah, Microsoft is so much worse.
Re:Car analogy (Score:5, Insightful)
No, but I could have my identity stolen, bank accounts compromised, vital information about friends/family/co-workers/customers stolen, etc. Looking only at one extreme possibility (or non-possibility, as you used) is, well, pretty damn narrow-minded.
This is nothing new (Score:5, Insightful)
There is an old story I will retell that should serve as a warning for all customers.
Once upon a time, there was a transport company employee charged with replacing a large segment of the companies trucks made by Volvo. The employee, being a bright individual called up a sales clerk from Ford that had been trying to get a foot in the door and asked him to send three Ford trucks for testing. The day the Volvo sales clerk came to make discuss the purchase of new Volvo trucks, these three Ford trucks happened to be parked on the lot. When the trucking company employee saw the Volvo sales clerk glance at them, he said "Yeah, the boss has been looking them, he seems to think they are an alternative worth looking into. But that is for later, lets discuss the deal you were going to offer us".
In another company far far away, an CTO who loved IBM hardware knew it was time to discuss the purchase of new hardware, so he ordered an underling to set up a trial project with HP servers, just to see what the competition was doing. When the IBM man came by he of course showed him the workfloor including the corner where the junior was working on those shiny new HP servers, "Got to give the kids their toys to play with " the CTO told the IBM sales clerk. "Btw, what was the price you were going to ask for again".
But in the dark and damp lands of Mordor, a very different tale was playing out. There the CTO invited the MS and Abobe sales clerk and proudly showed them how his entire business depended completely on their software product and how not only did they need the software to work flawlessly or they would be bankrupt in seconds, all the staff could only use the latest software and their customers demanded that they use the latest software. "BTW", The CTO asked, "what was that deal you wanted me to sign in my own blood again while bending over"? And there was much rejoicing among the Tribes of MS and Abobe, for they knew exactly who was calling the shots. One lockin to rule them all and in Eula bind them. For the users of MS and Abobe where greedy and feeble minded and could not break free of the spell.
---
Really, this is nothing new. In the land of NAS and control systems, this is par de course. You let a supplier control you, control you they will. Want to break free? Good luck, your company needs the new version, license or risk being unable to produce so you hand them the cash and lock yourself in just a little bit more.
Not a SINGLE Photoshop user will invest in his own freedom by making sure there are alternative methods to do his production. They will grind their teeth buy the latest version and invest yet more to make sure their production is entirely locked into Adobe clutches.
Cue countless protests about how there are no alternatives... no, there are none because any who dares to try is ridiculed for not instantly producting a 100% compatible product for free because freedom should be free of effort and cost.
You gave Adobe the control, enjoy it.
It is not as if you are alone. Governments often dictate that procurement must be regulated, meaning that once a procurement contract has been done, all interest in customer satisfaction goes out the window because the contract is fixed, can't be ended and renewal depends solely on the price offered (not charged) so fuck you peon.
I seen it to often in other industries, entire production line depended on one type of machine, fired your own maintenance team and anyone who could switch them out with other hardware. Goes, the "extra" charges sure went up a lot didn't they? Suddenly maintenance must be done by their certified team, at weekend charges.
Lockin, avoid it or pay the price.
Time to switch to Pixelmator or GIMP or something. (Score:0, Insightful)
Fuck Adobe.
Re:This is not new (Score:5, Insightful)
More importantly, if you bought CS5 for $2000 just three months ago, you have to pay to upgrade. It's like your iPhone 4 warranty running out when the 4s was released, even if you just purchased a v4 a couple weeks before hand.
Re:Fuck you, Adobe! (Score:4, Insightful)
You also can't accomplish the same things on-budget and on-timeline with GIMP that you can with the full CS suite.
While I'm mightily annoyed with Adobe for how they handle bugfixes, the sheer size of their product means that a proper QA cycle would last them almost as long as their point release cycle. I don't really think there's any good solution -- the open source suites are too disjointed and just don't cut it still for most professional work (this is true... GIMP is really good at what it does, but it's a lossy image editing program, not part of a DTP workflow), and spending the time to create bugfixes and then QA them properly for previous versions of CS would just cost Adobe too much money, more than they'd be able to pass on to the consumer.
Re:Call it the Microsoft method (Score:5, Insightful)
If it's broken, get them to buy something to fix it.
Oh come on, this 'oh Microsoft is just as bad' is the biggest cop-out. In this case it's just a blatant lie, CS5 was released early 2010 and this announcement means they've discontinued support for it, Windows XP was released in 2001 and is still supported now and will be until mid-2014.
Re:Glad I'm using the GIMP... (Score:3, Insightful)
Actually, they now have a $50/month subscription service that allows install on 2 computers (non-simultaeneous use).
The $600/year comes to 2-3 times as much as keeping current ($300 year for every upgrade since CS3, or about $200 year to go from 3-6), but does not have the $1800 upfront cost, meaning for new purchasers are actually ahead for about 4-6 years. An upgrade from 5 -> 6 is $725, so it's 2 years before it's more expensive to use the subscription than purchasing the upgrade (the subscription comes with cloudiness, and the full master-collection, but I'm using Design and Web Premium prices).
I the the relatively low start-up cost ($50) of the subscription, is going to seriously cut-into piracy, and make them A LOT of money.
Suckers. (Score:5, Insightful)
Adobe's fix? You need to pay to upgrade [from CS5] to Photoshop CS6.
Ah yes, I would be delighted to buy more software from you, since it worked out so well last time around.
Re:Call it the Microsoft method (Score:3, Insightful)
1000 / 3.5 ~= 285. Of course, that assumes you believe the OP's billions vs millions claim.
Sources claim 650M for windows 7:
http://news.softpedia.com/news/Windows-7-Approximately-650-Million-Sold-Licenses-by-the-End-of-2011-202026.shtml [softpedia.com]
http://finance.yahoo.com/q/ks?s=ADBE+Key+Statistics [yahoo.com]
If 100% of Adobe's 4.2B revenue comes from $700 Photoshop sales, that's 6M units/year, call that 24M units over the lifespan of windows 7 since release in 2009.
So for every unit of Photshop, you have at least 27 units of windows. Factor in the 3.5X price and you still have about 8 equivalent units of windows for every photshop over which to amortize costs.
Re:Car analogy (Score:4, Insightful)
I know people here like to bash on Microsoft, but thay are going to support XP through 2014. Windows 8 will be out. That's 13 years, and *3* versions later.
Considering the insane price Adobe sells CS, You'd think they could at least fix security holes for a little while.
Re:Call it the Microsoft method (Score:4, Insightful)
*cough*IBM typewriters*cough*
Re:Nobody is going to exploit this. (Score:4, Insightful)
They used to do that but it's rare now.
These days all that saying you have never run into a virus or exploit means for many people is that they are silently pwned.
Re:Call it the Microsoft method (Score:5, Insightful)
Windows ME got 6 years of support (Microsoft offers a minimum of 10 years of support for Business and Developer products). Mac OS 10.3 got 4 years of support (Apple don't have a defined policy for their life cycle, just a general rule that they offer support for the current and previous version). REHL will get 13 years of support.
Two years of support for CS5 is not just "a *bit* quick" for such expensive, professional software. It is an insult.
Re:Call it the Microsoft method (Score:5, Insightful)
MS security fixes are not "no cost".
They just look cheaper on the surface, because the cost is amortized across BILLIONS of forced Windows licenses, instead of MILLIONS of Photoshop licenses.
Three orders of magnitude is very large in real life.
Does not compute. Windows XP has been around for a decade. XP will have received "free" updates for 12 years when support is finally dropped. On the other hand, Adobe Photoshop has had 8 major version releases during that time. According to Adobe's website site, 4 of those versions are no longer supported...and apparently we need to add another few versions to the list.
Bitch about MS all you want, but their support of security fixes for Windows and Office has been excellent compared to companies like Adobe. If I were a Photoshop user I would have spent thousands of dollars to keep my version in support compared to the $200 that XP costs up front. And yes, it really isn't fair to compare OS support to application support.
Re:Call it the Microsoft method (Score:5, Insightful)
You're not a programmer, are you?
You certainly know nothing about how impossible it is to write "perfect" software.
Re:Call it the Microsoft method (Score:0, Insightful)
That has absolutely NOTHING to do with security patches or vulnerabilities. NOTHING. What's your fucking point?
Re:What a scam (Score:4, Insightful)
"Sure, except to use the software you agreed to the EULA where Adobe disclaimed themselves against any such defects. Good luck with that."
They might in fact have good luck with that. The fact that something in the EULA doesn't make it law. Or even valid.
For example, some states have laws saying that if you sell a product intended for a particular purpose, there is an implied warranty that the product is fit for that purpose... no matter what kind of disclaimer the seller puts on it.
Don't mistake EULAs and Limited Warranties for law. Corporate lawyers don't necessarily put valid stuff in there. On the contrary: what they include are things they'd like you to believe, and that they HOPE they can convince a judge of, if it ever goes to court. And in some cases they even include stuff that they KNOW won't stand up in court.
Re:Call it the Microsoft method (Score:5, Insightful)
I have to agree, MS has indeed patched XP for a long time. MS gets lots of practice in patching security holes but to their credit (I never thought I'd say that about MS!) they have not charged anything for it. I can't even complain about them dropping support for XP in 2014; they've carried it for a long, long time and that is pretty responsible behavior (given the very slow move away from XP). Neither did they need to provide patches to pirated versions, but they did that in the best interests of the worldwide computing community.
IIRC Adobe is not the first to pull this "buy the new version" stunt.
Re:This is nothing new (Score:5, Insightful)
Re:This is not new (Score:5, Insightful)
"More importantly, if you bought CS5 for $2000 just three months ago, you have to pay to upgrade."
Good reason not to pay for it in the first place.
Re:obvious.... (Score:4, Insightful)
In a way, it is obvious...
if old version has a problem
and new version doesn't have (this particular) problem
then solution = buy the new version.
If it was the current release that was buggy, I would say they should put developers on a fix... If it is a flaw in an older version, that doesn't exist in the new version, then telling the customers to buy the current version is perfectly acceptable.
If they were already in development on the new version when they found out about a flaw in the current version... then its a decision about how much developer time it will cost to create a fix for the old (current) version and whether that time could be put to better use working on the new version. I deal with those kind of questions all the time at work myself. They are not easy.
Re:obvious.... (Score:5, Insightful)
Re:obvious.... (Score:5, Insightful)
Look at the release date of Adobe CS6. It was released on the 7th of May, basically just a few days ago. Now look at when the bug apparently reported to them [protekresearchlab.com] - back in September of last year! It looks very much like Adobe have delayed fixing a serious security vulnerability until they could get away with charging users for the fix.