Adobe's Flash carries a pretty serious vulnerability, and any machine installed with the most recent version of Flash Player or Acrobat is susceptible to attack.

What do you do when you hear about a case like this? Do vulnerability reports affect what software you use or support? Or are insecure applications just par for the course?
0 Votes
+ -
I don't know why Adobe chose to allow imbedded Flash in a format designed to represent a printed (non-interactive) document, but it might put an end to PDF being a "safe" document format. Hopefully people won't imbed flash in a PDF, so the other vendors don't feel they have to play catch-up.
0 Votes
+ -
(No Text)
I don't appreciate hidden bundled software, and seems to me that Adobe has gotten out of hand. You can't even uninstall Reader without tracking down a special program on their site. Personally, I want to know what's being installed, how much space it's taking up, and only use what I need. Professionally, I administer a small system with "average" users who don't know Flash from mash. For most people a computer is like a car; they need to drive it, not update security patches on demand.
0 Votes
+ -
horrible
MelvinJames18 26th Jul 2009
I'll think about it before I'm going to open a Adobe's Flash. >.
At the bottom of the "Adobe Flash vulnerability affects Flash Player and other Adobe products" vulnerability note (http://www.kb.cert.org/vuls/id/259425) is a link to "Get Adobe Reader" (links to http://www.adobe.com/products/acrobat/readstep2.html). Pure genius and hilarity! :o)
It's impossible to take it seriously anymore. I'm surprised Adobe is still around with the crap they are selling.

It's only a matter of time before people drop Adobe products and move onto products that aren't bloaty, have ridiculous licensing, and aren't as vulnerable.
0 Votes
+ -
But...
dogknees 24th Jul 2009
What about those of us that use 90% or more of the functionality of Photoshop on a regular basis. You're happy for us to lose this ability?

Why would I assume I know what others might use. It's arrogant and impossible.
0 Votes
+ -
Are you happy with your level of dependency on insecure bloated flakey garbage?

You shouldn't be after all it's not the first vulnerability they've had discovered, and given what I can see of their approach, won't be the last either.

They've said the patch is ready by July 30th.. my stopwatch is ticking.

The problem with PDF is that the format itself is rather handy but only Adobe converters can really produce that fine looking file. CutePDF comes closest for me but it still lacks some features of the format.

If they can address the vulnerabilities in a timely manner then that's something at least. Seven days is far better than Flash Player 10 64bit's year or more delay outside of Windows and osX. The Linux native 64bit beta seems to work ok; it's about time I checked back to see if a production release of it is available yet.
0 Votes
+ -
I never assumed anything, I stated a fact. Adobe is crapware. They have security issues constantly and are bloating out their products to the point where they are unusable.
What should I be using instead of Adobe? No-one is answering this question.
We don't use it to produce the PDFs in our applications, but that's because it doesn't integrate very well. We don't do Flash, and for graphics manipulation we use GIMP.
Marketing use it for their stuff, as do our Technical writers.

There are some functions that other programs don't provide so if it's one of those then you're stuck with Adobe.

If you need a PDF writer, CutePDF works well for windows. You don't get clickable hyperlinks and it also doesn't work well for huge files. Outside of those two limitations, it works very well for a Windows solution.

In terms of the file format, PDF is very handy but I wouldn't be opposed to using a different static print ready format with a "writer" printer driver and light viewers. This is probably more the case being that the issue is allowing dynamic content embedded within static PDF. And badly done dynamic content also being that it's Flash media format.

Outside of PDF formats, there are replacements for Adobe's other software unless you're in that 10% of professionals that required the more industrial functions. In this case, it would take time for some of the competing products to catch up but I can see GIMP and GIMPshop improving pretty quick with those new user needs. Blender has evolved drastically through the very same effect of professionals using it and requesting changes.
PDF reader: foxit reader - excellent lightweight pdf reader with tabbed functionality - no need to open multiple reader apps to have multiple docs open

PDF creator: loads out there, many act as simple printer emulators; foxit have one, cutepdf, pdfill

PDF manipulation software: cutepdf pro, foxit pdf writer, pdfill pdf editor

PDF indexing for sharepoint: foxit again, 4 times faster than adobe's efforts at indexing pdfs, though admittedly not free for servers, free for indexing and integrating in to desktop search engines though

Photoshop: well, you can't beat photoshop for hardcore image editing, some good free alternatives though if your bods ain't so hardcore; paint.net, gimp

you don't have to rely on adobe, there are many cheap, or free lightweight alternatives out there to adobe's behemoth apps for general office use.
Its biggest drawback is that it only works on Windows. So, not a good solution for Mac or Linux users.
0 Votes
+ -
CutePDF and FoxIT-3
TomMerritt Updated - 29th Jul 2009
I've seen CutePDF and FoxIT-3 mentioned in several other posts here. That's what I use and recommend to my customers. CutePDF is a fantastic PDF creator. It simply installs as a printer. If you can assemble something and print it, you've got a PDF. As far as viewing PDFs, FoxIT 3 is very nice. I've dropped this combo on several dozen customers without a complaint.

Funny, I was just working with a customer yesterday. She had a problem, and was way behind on updates, so I decided to kick them all off before proceeding. I made the mistake of allowing Acrobat 8-3 to kick off. It took something like 15 minutes, then wanted a reboot! Folks, this is a dang PDF reader, not an accounting system! Admittedly, my cheapo customer has a crap machine, but this is raging insanity. Didn't I see somewhere else on TechRepublic that Adobe was rated the #1 annoying and intrusive software? That's amazing. Microsoft and Symantec are pretty hard to beat in that category.
While I sympathize with general thrust of the article...

"The thing that really burns me is that I hadn't even realized those features had been bundled into the version I am using."

That's no one's fault but yours. It's up to us all to learn what the apps we use are capable of, and how to operate them safely and effectively. Particularly as IT Professionals.

Average users, maybe I'd accept might need training in the more elaborate processes and functions of an application. Some of them, not all.

Regarding the preference for small apps, I kind of agree, and kind of don't. For simple tasks it makes sense, but for a lot of application domains, it doesn't.

Try breaking something like AutoCAD into small chunks that make sense. There's so much underlying code that would need to be duplicated in each mini-app that they'd be almost as large and complex as the full system. Also the moment you need one function that's not in the mini-app, you need to manage extra applications. For most people I think this would be more confusing than one app that covers the domain.

Personally, I have no problem with bundling everything into a big application. I don't find it significantly harder to learn or support them. After all 20 menus is not more complex or difficult than 2. You learn them one at a time anyway, there are just more of them.

Really, the issue isn't that more functionality is bundled together, it's that the vendor doesn't do sufficient testing of the final combination. This applies to most large Vendors. Ultimately, they chose to include the functions so they have the responsibility to ensure they're correct.

It's about time the big vendors started using automated verification of the correctness of their code. The theory behind this is now fairly mature, so why aren't they using it? The cost divided over the number of units sold would be minimal.
0 Votes
+ -
Bloatware
steamnut 24th Jul 2009
All I usually want is to read pdf's and the Adobe reader used to be small, fast and no fuss to use. Now I have to fight off massive upgrades and upgrade/no/defer dialogue boxes and even a Windows Adobe start-up task. Adobe is not yet as bad as Apple with its Quicktime upgrades and Sun with its Java upgrades; all trying to sneak in a Yahoo toolbar to my browser. Apple at least have stopped trying to sneak in ITunes and Safari installs. Acrobat 6 was 15MB and 8.12 is now 22MB. The original was 5MB.

Software vendors just assume bandwidth and memory are cheap so why optimise for size any more?
0 Votes
+ -
I think many of you are just plain missing the boat on this. It's not about a single application with many features it's about 1 program installing two. Adobe Acrobat and Flash are two separate programs linked together. It is this idea that irks me. I install one program and am not given the option to select what I want installed.

The program I have issue with is the Nero Burning program. I wasn't aware that Nero would also install a file indexer program and that file indexer would prevent my system from shutting down because nmiindexer.exe stopped responding.

Bloat is when a developer thinks a 3rd party addon is going to make sense or make life easier for the end user when in fact it only complicates matters. When you can't uninstall the one without affecting the other, it's just plain madness.
Just view a pdf file in your browser and look at the names and number of the dlls it loads.

0 Votes
+ -
...a developer gets more obsessed with grafting more and more features into a system with a greater priority given to time-to-market than quality or efficiency to the end user.

A prime example of Adobe's bloat factor is that they feel the need to pre-load Acrobat at boot time so that the user doesn't have to wait 30 seconds for it to load when it's actually needed. They figure most people won't notice the extra seconds their boot up takes compared to the annoyance they'd feel staring at a splash screen if it had to load on-demand.
I installed the latest update of ITunes last week, and Safari and Mobile Me were both checked off by default. Thanks, Apple - I don't even have an iPhone!
I'm using Foxit Reader for a long while now; works great and fast. Good enough for me!
With automatic upgrades too; just had one.
In regard to why they included the feature, I think you answered the question with "I understand that the technology industry has to remain profitable"

SWF are used in display ads and can make money for the author of the PDF.
It's great to reuse libraries and only install the features I need. It is also great to know that there are many eyes looking at the code, keeping the development team honest.
0 Votes
+ -
For previous versions of the Acrobat reader it was possible to prevent the loading of unnecessary DLLs by using a switch at launch. Does the latest reader still allow this, and does anyone know what the switches are?
Features:
1) Smaller than Acrobat (less than 20MB disk space).
2) Executable has switches, which make it easy to roll out to users via a script.
3) Preferences can be pre-defined on 1 computer... exported to server... then imported by all computers at logon time via a script.
4) Ability to annotate PDF's.
5) If a PDF cannot be viewed in the reader (has only happened once)... and you have any version of acrobat on the computer... (we have version 5)... then an acrobat button appears in the lower right hand corner... clicking this will display the PDF in acrobat.
6) Opens PDF's in a new Tab.
if you really want protection. The malware will simply look for Adobe reader and execute it.

WOW! Absolutely NO advisories at Secunia for this product. Excellent choice registration999!! I hope PDF X-Change View works for x64 system!
Our office uses Bluebeam in place of Acrobat in every instance. Most of our employees have migrated from Acrobat to Bluebeam, and found it easier to use. It also costs substantially less per seat.