Slashdot Mirror
Adobe Download Manager Installing Software Without Consent
"Not all is worth cheering about as Adobe turns 20," writes reader adeelarshad82, who excerpts from a story at PC Magazine's Security Watch: "Researcher Aviv Raff has found a problem in ADM (Adobe Download Manager) and the method through which it is delivered from adobe.com. The net effect of the problem is that a user can be tricked into downloading and installing software using ADM without actual consent. Tonight Adobe acknowledged the report and said they were working on the issue with Raff and NOS Microsystems, the company that wrote ADM."
Bonjour is just as bad. It scans your LAN constantly, takes A LOT resources and provides nothing good. And it's installed without asking you along any Adobe product.
I noticed this a few days ago and had enough. I found the KB article the spells out how to disable and wrote it up here.
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Recently, I found a design flaw on Adobe’s website, which allows the abuse of the Adobe Download Manager to force the automatic installation of Adobe products, as well as other software products (e.g. Google Toolbar).
Anyway to get them for "force" a free download of PhotoShop?
I inherently distrust download managers. You don't need them. Just give me an http, ftp or (in some cases) torrent download and that's all I need. Download managers are not needed, they are additional fluff for nothing. It gets on my nerves they usually get forced down your throat and you need to jump through hoops on fire to get to a normal download.
I've always distrusted Adobe simply for pushing the Google Toolbar, or these days McAfee. An easy way to get Reader or Flash without getting stuck with their stupid and unnecessary DLM is to cancel the first download, and then "click here if your download doesn't start". That way you only get the installer you wanted, not all the other crap they're trying to push on you.
Adobe is about 28 this year. It's Photoshop that is 20.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
http://pack.google.com/ This is too cool for school - by selecting the programs you want through Google Pack, a special exe will be created for download which installs these programs and the google updater which runs as a scheduled task. Easy button FTW.
"To err is human, to mod Funny divine."
Yeah, well i lost alot of respect after photoshop went into the CS series. Thats when all this extra software garbage started coming out with it.
Next will be apple.
I agree. Why the hell am I prompted to install some freaking Firefox addon just to download Adobe Flash? Ridiculous.
Do what thou wilt shall be the whole of the Law
Ironically, the first time I tried DLM, it didn't work. So now I know to bypass that and hit the direct download link instead for what I can there for.
-MT.
-MT.
That's two strikes now for Adobe. As TFA says, Adobe also uses the Akamai Download Manager for downloads from the Adobe Store. This thing installs itself and runs *forever*, not just for the download you paid for in the store.
It has a P2P mode where client machines (that's *you*, sucker) distribute the downloaded software using your bandwidth in the background. Is there an icon in the taskbar letting you know? Nope, it runs silent and deep (it does show up as Akamai something-or-other in Process Explorer).
It's like running BitTorrent and donating your bandwidth to Akamai and their friends. Except not on purpose.
But hey, you probably clicked through a EULA that you didn't read, so it's all on you right?
/.
"Not all is worth cheering about as Adobe turns 20,"
Photoshop is turning 20 this month, not Adobe, which was founded in 1982.
... and then they built the supercollider.
I haven't bought anything by Adobe ever since I bought one of their cars. Oh, sure, you fix the dents yourself.. until it cures!!! Then good luck reshaping your new brick.
https://www.eff.org/https-everywhere
Instead of getting off my lawn, sit down and I'll tell you kids a story: In the Good ole days Adobe and it's founder John Warnock (or Warnock's Algorithm fame) were heroes. At the time most of us had ugly dot matrix printers and fixed fonts, they came up with the PostScript printer description language and many beautiful fonts. Buy a Postscript printer and you could print beautiful documents previously only typesetters could. When Apple licensed it for their laser printer desktop publishing took off. Warnock cared about beautiful fonts. Postscript was a full-blown programming language, yet a very efficient one. PDF itself *is* Postscript, just encapsulated in a file.
But Adobe then isn't Adobe now. Their Adobe Reader is an appalling, fat, unresponsive hard to drive piece of software. Ever configured options? There are twenty off preference pages with no coherent grouping. They still haven't grasped things like reopening the document where you last were reading it, or letting you add bookmarks. Instead they've loaded Adobe with a tonne of "features" to the point it's now a trojan horse vector. The company itself is no longer a source of innovation: Instead they just buy out other companies (like Macromedia Flash) and then run them into the ground. Their software uniformly suffers from appalling GUIs (or if it doesn't when they buy it, they shortly will) e.g. Photoshop, but when you're that big you can afford to be that arrogant. People will buy your software anyway, because they don't have a choice.
Yes, there are some PDF Reader imitators like Foxit Software. While they're much faster, they have copied the Adobe interface instead of themselves innovating.
The Adobe Updater is an intrusive pain in the ass. In a previous version, you had to connect to the net and then connect to Adobe to turn off the Updater. This was "free" software, so this wasn't for licensing: It was just lame in-your-face programming by lame programmers. If you try and deleted the Updater yourself, it reinstalled itself. In the end I found out if you deleted it (in your Program Files directory) and then replace plain files with directories and directories with plain files so when it goes try and reinstall itself Windows tells it to get lost.
There is a folder sitting on my desktop called Adobe Reader 9 Installer (>100meg). Can I get rid of this? I don't know what is going on with Adobe. The pdf reader used to be a lean secure program and now it's turned into some huge hideous beast that tries to sing and dance. Sigh.
Sorry, but gray text on gray background is making my eyes bleed.
Portable apps doesnt leave anything in your registry (ideally), so you can just run the app, close / move / copy it, put it on a USB-drive or whatever you want without worry :) ;)
It also makes it much faster to backup your whole app collection, or duplicate / sync your setup across machines.
Am currently running all of these software as portable apps, and only have a few apps left which are too embedded in the OS to be portable (like iTunes for my iPhone (neva gonna buy Apple again!!, and Windows Media Player, but with VLC and DIVX weplayer available I never use that much
I have even seen Photoshop as portable somewhere, but doesnt use it nowadays so not sure how well that works.
My current Portable Apps list:
2XClient, 7-ZipPortable, AudacityPortable, BonkEncPortable, CelestiaPortable, ClamWinPortable, ConvertAllPortable, CoolPlayer+Portable, EraserDropPortable, EraserPortable, GIMPPortable
InfraRecorderPortable, Java, JavaPortableLauncher, KompoZerPortable, LightscreenPortable, MPlayerPortable, Notepad++Portable, On-ScreenKeyboardPortable, OpenOfficePortable, PDFTKBuilderPortable, PortableApps.com, PortableAppsBackup, PortableAppsMenu, SpeedCrunchPortable, SpyDLLRemover, StellariumPortable, SumatraPDFPortable, TeamViewerPortable
Toucan, UltraVNCViewer Portable, UnlockerPortable, VirtualDubPortable, VirtualMagnifyingGlassPortable, VLCPortable, WinDirStatPortable, winMd5SumPortable, WinMergePortable, WiresharkPortable
Adobe_Reader_9.0_Lite_ENG.exe, aida32, CCleaner, F-Secure Blacklight, freecap_nosetup_eng, GMER, HTMLTidy, httrack-noinst, ifunbox_en, LubbosFanControl_0_1_4, Microsoft Visual SourceSafe, PdaNet for iPhone
PowerISO, ProcessMonitor, Profiles, Proxifier PE, RootkitRevealer, Spybot - Search & Destroy, Spybot Search And Destroy.lnk, StartPortableApps.exe, Stress Prime, Styler, TcpView, TrueCrypt
TweakUI, UltraISO Premium Edition 8.6.3 Build 2056.exe, uTorrent, VeryPDF PDF Editor.exe, WinRAR Unplugged
Portable Apps on Truecrypt file-volume (saves passwords to encrypted files):
Opera1010usb, aMSNPortable, FirefoxPortable, GoogleChromePortable, KeePassPortable, PidginPortable, PuTTYPortable, SkypePortable, ThunderbirdPortable, WinSCPPortable
Take back control over your apps and start using portable apps. Its worth the small extra footprint in startup, since your PC will run smoother without all the extra hooks into the OS, and the extra spyware companies like to push down your throat! Most of these even updates cleanly while staying portable!
Even though most proprietary apps have installers, if they are simple, odds are you can probably run them portable also, or find a version which is tweaked to run portable *cough cough* ;-)
Quick recipe: Just copy the files to another location, uninstall the sucker, and pray all the features works
PortableApps.com is a good resource for getting free portable apps, and many of those utilities are good enough alternatives to commercial software as well.
Their setup is tweaked to be run on USB drives, which also fits into our paradigm of taking back control over our apps and not mess up our PCs.
Good luck and spread the word!
This stealthy downloading & installation is becoming very common even by well known companies, Safari constantly attempts a stealthy install of iTunes.
When I tried Google Pack I found it didn't bundle the latest versions of the software it installs, so several immediately had to download additional updates!
At one point my Windows PC had 7 different update programs running: Adobe Acrobat updater, Apple Updater, Flash updater, GoogleUpdate.exe and GoogleUpdaterService.exe, Java update (jusched.exe?), LavaSoft Ad-Aware updater, Symantec LiveUpdate (AluSchedulerSvc.exe?), ThinkVantage updater, Windows update. And that's after I turned off several others in MSCONFIG and Services.
Firefox/Thunderbird/Mozilla's Help > Check for Updates... is the best Windows updater. It only runs when the application runs, it downloads a minimal diff, it prompts you to restart the application and self-updates (unlike some updaters that make you re-run a ^%$#$@! full-blown uninstall/installation program and ask you stupid questions that make no sense in an update), and it doesn't leave megabytes of crap lying around (I had five 70MB Java versions in C:\Program Files\Java and more crap in C:\Program Files\Common Files\Java\Update\Base Images).
(I'm now on Kubuntu and KPackageKit, not perfect but an improvement in many ways.)
=S
Bonjour pisses me off. I can't count the number of times the damned thing has popped up on my monitor while I've had Hulu running a show full-screen on my projector (thus jacking Hulu's Flash player out of full-screen mode) - and it's asking me to install shit I don't want or need (Why the fuck would I run Safari on my Windows box, just cuz I happened to put iTunes on my system?).
What you describe isn't caused by Bonjour, it is caused by going to certain pornographic Web sites. You should really try to find better quality porn instead of that crap that comes out of Eastern Europe.
I would have to disagree. While Firefox's Windows updater is convenient, it will not allow an individual who only has limited user access (my parents) to a machine to update itself. Now, Apple, Adobe, etc. updaters except for Microsoft's don't work correctly either if they are run within a limited user account.
I use filehippo.com to skip all that crap, all the apps in one place... like yahoo messenger, google earth and a few other apps I need to get fast without browsing through 10 pages to get to a damn download manager. They have annoying adds, but it's OK if you use add-block.
That sounds as expected to me. If you have limited rights you can't install or update software, unless you installed it in your own directory.
Anyway, the bugs are filed and Mozilla is working on making it better, see the comments from Robert S. in the thread http://forums.mozillazine.org/viewtopic.php?f=9&t=1587505
=S