Adobe Gets Regular On Security Patches

← Back to Stories (view on slashdot.org)

Adobe Gets Regular On Security Patches

Posted by timothy on Tuesday June 9, 2009 @01:28AM from the can-of-prunes-every-three-months dept.

dasButcher writes "Adobe joins Microsoft and Oracle on regularly scheduled security patch releases. The first set of patches for Acrobat and Reader are scheduled for today, and Adobe will release future patch batches quarterly."

38 comments

Min score:

Reason:

Sort:

Acrobat Reader is crap by deemen · 2009-06-09 01:33 · Score: 5, Interesting

Good for Adobe, but Acrobat is crap anyways. It takes forever to load up and uses way more system resources than it should. Foxit Reader is what you should be using.
1. Re:Acrobat Reader is crap by Anonymous Coward · 2009-06-09 01:46 · Score: 2, Informative
  
  Reader might be crap, but Acrobat Professional has only a handful of competitors with equivalent feature sets. And then you can get into programs like Pitstop Pro, which cost twice as much as Acrobat Pro (but are absolutely essential if you need the features for real prepress work).
2. Re:Acrobat Reader is crap by JustOK · 2009-06-09 01:56 · Score: 1, Informative
  
  kinkos can print word docs
  
  --
  rewriting history since 2109
3. Re:Acrobat Reader is crap by EraserMouseMan · 2009-06-09 02:03 · Score: 1
  
  It's a shame that such a tiny stupid little document reader has so many issues that it has to have regular patches & security updates. I can understand regular updates for an OS. But a glorified doc reader?
4. Re:Acrobat Reader is crap by jonwil · 2009-06-09 02:16 · Score: 2, Insightful
  
  The problem is all the crap Adobe has shoehorned into the PDF format like JavaScript and all those plugins. If PDF went back to what it should be, a document format with no extra crap, the problems will go away.
  PDF and Acrobat need to go back to a core focus on being a way to represent documents and other things in a way that looks the same no matter what OS, screen resolution or browser you are running and ditch all the extra garbage that has made Acrobat and Acrobat Reader so bloated.
5. Re:Acrobat Reader is crap by Celeste+R · 2009-06-09 02:21 · Score: 1
  
  That glorified "doc reader" can do far more than you think, Adobe makes it possible to have a document in a file, with all of the features of a website.
  Yes, it's "only a glorified .doc reader", but only things as powerful as TeX and such even compare. This is akin to saying "MS Word is only a glorified .txt reader".
  
  --
  There are no perfect answers, only the right questions. More questions at http://foresightandhindsight.blogspot.com/
6. Re:Acrobat Reader is crap by ThrowAwaySociety · 2009-06-09 02:23 · Score: 2, Insightful
  
  kinkos can print word docs
  Printing a Word doc at Kinkos is like hiring chef Emeril Lagasse to serve you McDonalds food on a silver platter.
  If you're going all the way to Kinkos to print something professionally, you probably want some control over what the output is going to look like. Word gives you none. A Word document can look different on two computers running the same version of Windows and the same version of Word with the same fonts, just because your default printer is different.
7. Re:Acrobat Reader is crap by Anonymous Coward · 2009-06-09 02:23 · Score: 1, Insightful
  
  The phrases "real prepress work" and "Word docs" have no reason to ever appear anywhere near each other. It reminds me of a guy applying for a sysadmin job at Google saying "I know how to use Norton."
8. Re:Acrobat Reader is crap by Celeste+R · 2009-06-09 02:24 · Score: 1
  
  Kinkos can't print all of the feature bloat that Adobe has put into its PDF format though.
  How do you print a sound clip?
  
  --
  There are no perfect answers, only the right questions. More questions at http://foresightandhindsight.blogspot.com/
9. Re:Acrobat Reader is crap by MrNemesis · 2009-06-09 02:46 · Score: 1
  
  I also used to use Foxit, but found an even more lightweight reader in the form of Sumatra PDF:
  http://blog.kowalczyk.info/software/sumatrapdf/index.html
  For the 99% of us that only read PDF docs, it's the fastest and least resource hungry PDF viewer I've ever used, plus the benefit of open sauce. IIRC even Foxit's fallen foul of some of the same vulns as acrobat.
  FYI I've also got a full fledged version of Acrobat for when I do tech writing or annotate some of our existing docs, and I've never noticed any difference between the presentation of sumatra and acrobat, nor any problems with stupid forms (although they didn't use JS). Recommend everyone gives it a whirl even if just to find out whether they can live without bells and whistles.
  Tip: to get it to remember your default view (fit width, continuous in my instance) open sumatra, set your preferences and then those sumatra. Otherwise it remembers individual view settings based on the file path.
  
  --
  Moderation Total: -1 Troll, +3 Goat
10. Re:Acrobat Reader is crap by maxume · 2009-06-09 02:47 · Score: 1
  
  Reader 9 improves loading speed quite a bit (even after the preloader is turned off). On a system with a couple of gigabytes of ram, it doesn't use a punishingly large amount of resources either (who doesn't upgrade to 2 gigs when it costs $25?).
  
  --
  Nerd rage is the funniest rage.
11. Re:Acrobat Reader is crap by geminidomino · 2009-06-09 02:53 · Score: 4, Insightful
  
  That glorified "doc reader" can do far more than you think, Adobe makes it possible to have a document in a file, with all of the features of a website.
  And that's a good thing... why,again? PDF is supposed to be a portable doc format for predictable, portable printing, not a blasted website.
12. Re:Acrobat Reader is crap by LordLimecat · 2009-06-09 02:56 · Score: 2, Interesting
  
  <quote>That glorified "doc reader" can do far more than you think, Adobe makes it possible to have a document in a file, with all of the features of a website.</quote> Sounds like something thats a browser's job. I had always understood PDF's purpose to be creating a "virtually printed" file--basically, how it appears in the reader IS how it will appear when printed. Why the hell is javascript involved now? Or is it people about 10 years ago completely forgot the point of a PDF and started using them instead of .docs?
13. Re:Acrobat Reader is crap by JustOK · 2009-06-09 03:29 · Score: 1
  
  no prob:
  http://gizmodo.com/372994/earliest-audio-recording-resurrected-scares-the-genitals-off-us
  150 year old technology.
  
  --
  rewriting history since 2109
14. Re:Acrobat Reader is crap by Anonymous Coward · 2009-06-09 04:46 · Score: 0
  
  Speaking of crap it's good to see adobe is getting it's fiber
15. Re:Acrobat Reader is crap by Anonymous Coward · 2009-06-09 05:01 · Score: 0
  
  "That glorified "doc reader" can do far more than you think, Adobe makes it possible to have a document in a file, with all of the features of a website."
  So, what you're saying is, we can set up a website with an embedded PDF file that ... contains a website.
  Brilliant! Another fine piece of bloatware brought to you by the Department of Redundancy Department at Adobe.
16. Re:Acrobat Reader is crap by EkriirkE · 2009-06-09 06:24 · Score: 1
  
  Duh, etching like a phonograph
  
  --
  from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
17. Re:Acrobat Reader is crap by Chabo · 2009-06-09 08:11 · Score: 1
  
  People who are still using DDR ram or older, which doesn't cost $25 for 2GB.
  I'm upgrading this fall, I swear! ;)
  
  --
  Convert FLACs to a portable format with FlacSquisher
18. Re:Acrobat Reader is crap by Donniedarkness · 2009-06-09 11:44 · Score: 1
  
  I just wish they didn't package it with crap toolbars and such. I recommend it to people all the time, though, and I just make sure to warn them to read the install prompts.
  
  --
  Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
Only quarterly??? by davidwr · 2009-06-09 01:36 · Score: 4, Insightful

Quarterly makes sense for non-security patches but for critical security patches I hope they go "off-cycle."
For critical security vulnerabilities, I would like a beta patch OR workaround ASAP and a tested patch as soon as practical.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
1. Re:Only quarterly??? by Drakkenmensch · 2009-06-09 01:38 · Score: 3, Interesting
  
  Quarterly makes sense for non-security patches but for critical security patches I hope they go "off-cycle."
  Once per quarter is already a huge improvement on their previous schedule of not at all even when thousands of computers were getting infected by virus-ladden rigue PDF files.
2. Re:Only quarterly??? by Culture20 · 2009-06-09 02:05 · Score: 2, Funny
  
  That's not a fair characterization. They planned a security update to be released a month later. A MONTH. And they did suggest turning off a feature that never should have existed and is not trivial to turn off remotely.
3. Re:Only quarterly??? by Drakkenmensch · 2009-06-09 02:34 · Score: 1
  
  I'm sure that's great comfort to all the people whose computers were infected in all the weeks that have gone by since this viral exploit was uncovered and put to destructive use.
4. Re:Only quarterly??? by Rich0 · 2009-06-09 02:53 · Score: 1, Offtopic
  
  The real mess is a lack of package management on Windows.
  On virtually any linux distro I can type one command and have the system check for security updates and provide me a list of all packages that require security updates. Another command will apply those updates. If I'm REALLY brave I can just put it in cron and have it just email me what its doing after the fact (not always wise - some linux distros sometimes break booting with core package upgrades). A different variation on the same process could apply non-security updates as well. Distros like debian actually backport security patches so that you can have very safe updates.
  On windows the OS itself is fairly well updated if you configure it correctly. However, the 40 bazillion other pieces of software I use are a mixed bag. Some will auto-update, but using their own update programs with their own configurations and their own update policies. Many don't auto-update at all, but if you look really hard you might find a website (or if you're really lucky an email list) where updates get posted. I'm sure my windows box right now has 5-7 services all running in the background that are just looking for updates to various programs.
  Windows really needs a package manager. It could even support installs off of CD, but the installer is a standard component of the OS, and the OS manages updates. The installer could even be extensible (installer creates an enviornment to install into, then program-specific installer does all kinds of magic and dumps files into that environment, then OS deploys files and registry keys and permissions appropriately). Virtually any linux distro would be a vast improvement, and I think there is room for even further improvement.
Slow news day? by Rogerborg · 2009-06-09 01:37 · Score: 1

So, they're going to delay security updates until the next scheduled patch-o-rama?
Or are they going to release "critical" updates as needed, thus making a mockery of the schedule?
Either way, I find it hard to care one way or another. Can you find some way to tie this story to the OLPC, or Futurama?

--
If you were blocking sigs, you wouldn't have to read this.
Too much time. by Deathlizard · 2009-06-09 01:41 · Score: 3, Interesting

Although Quarterly is a start, it should be carried out on a monthly basis or at least have a plan for immediate release if an exploit goes wild.
Acrobat and Flash are some of the most used Apps second to MS products. They should at least be on par with their patching policy.

--
In Soviet Russia, Trojan exploits YOU!
Adobe Gets Regular by andrewd18 · 2009-06-09 01:49 · Score: 3, Funny

"In light of its age and recent back-end irregularity, Adobe Acrobat Reader has promised to start taking steady doses of Metamucil."
Too slow by gubers33 · 2009-06-09 01:55 · Score: 1

Although it is good to see that Adobe is getting on a security release schedule, but they need to be better in patching their applications. The PDF flaw came up earlier this year they took far too long to release a patch, I recall patching my systems with private patches because Adobe took so long. The releases should be monthly or weekly if it is a serious vulnerability.

--
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
Adobe gets regular by Celeste+R · 2009-06-09 02:10 · Score: 1

My first impression was "it's that time of month?"

--
There are no perfect answers, only the right questions. More questions at http://foresightandhindsight.blogspot.com/
Patching would could be a non-issue... by geekmux · 2009-06-09 02:46 · Score: 2, Insightful

Ah, anyone remember the good ol' days of Adobe, when it was just a fucking reader??
Sorry if I'm being crass, but a damn PDF reader should not be 100MB worth of installer followed up with 20MB "patches". Damn Adobe v5 installer was 5MB, and guess what? v5 does everything I need it to do, and would likely suffice for 95% of Adobe users who do nothing more than view PDFs.
Everything else is going low-cal, low-carb, lite and dry, how about a simple PDF reader?
1. Re:Patching would could be a non-issue... by buchner.johannes · 2009-06-09 05:16 · Score: 1
  
  evince?
  I mean for PDF readers you have a choice, I find these hundreds of megabytes for updating the .NET-Framework (MS Update) rich. I don't download that.
  
  --
  NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
2. Re:Patching would could be a non-issue... by Minwee · 2009-06-09 06:49 · Score: 1
  
  Everything else is going low-cal, low-carb, lite and dry, how about a simple PDF reader?
  Not a problem. Just try applying one of the patches found on this site to substantially upgrade the performance and reliability of Acrobat Reader. To avoid system instability you may need to uninstall your old version of Acrobat before upgrading.
exploits also to be released on quarterly cycle... by Anonymous Coward · 2009-06-09 03:03 · Score: 0

...the day after Adobe releases its security patches, for maximum effect (although its making quite an assumption that Adobe will get a fix out by the next quarter).
About F*CKIN Time! by hesaigo999ca · 2009-06-09 05:22 · Score: 1

Being the #1 worst application for vulnerabilities, meaning that its market share makes it installed on 99% of all pcs, you would think there long list of vulnerabilities would have made this a necessity years ago, but it is good news, maybe they will be a little more
up to date with their unit testing, and develop better then average sandboxes to test all the drive by execution flaws they have.
Colon-Blow? by motherpusbucket · 2009-06-09 13:18 · Score: 1

"Adobe Gets Regular On Security Patches"
Is Adobe taking a fiber supplement? Cool! Maybe it will quit constipating my f*cking computer!

--
"You can't really dust for vomit" --Nigel Tufnel
Adobe? by Oldav · 2009-06-09 13:45 · Score: 0, Insightful

Dont use acrobat, Foxit reader is great, and is much less of a resource hog!