Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Download Manager Installing Software Without Consent

Posted by timothy on from the plus-one-invitation dept.

"Not all is worth cheering about as Adobe turns 20," writes reader adeelarshad82, who excerpts from a story at PC Magazine's Security Watch: "Researcher Aviv Raff has found a problem in ADM (Adobe Download Manager) and the method through which it is delivered from adobe.com. The net effect of the problem is that a user can be tricked into downloading and installing software using ADM without actual consent. Tonight Adobe acknowledged the report and said they were working on the issue with Raff and NOS Microsystems, the company that wrote ADM."

23 of 98 comments (clear)

  1. Bonjour by sopssa · · Score: 4, Informative

    Bonjour is just as bad. It scans your LAN constantly, takes A LOT resources and provides nothing good. And it's installed without asking you along any Adobe product.

    1. Re:Bonjour by Icegryphon · · Score: 3, Interesting

      I don't see how this is off topic. Unless you are some Mac/iTunes Fanboy.
      When you install a piece of software you should be warned of hitchhikers and be given the option to not install.
      Bonjour is packaged with a few pieces of useless trash now.

    2. Re:Bonjour by Itninja · · Score: 4, Insightful

      I also dislike the opt-out Safari install that I have to remember every time I upgrade iTunes.

      --
      I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    3. Re:Bonjour by MonTemplar · · Score: 4, Informative

      To be fair to Apple, they only did that the one time - and learnt their lesson *really* quickly! Now it shows up in Apple Software Update, but un-ticked.

      Which is fine by me, as I don't have any need for Safari. Already have Firefox for day-to-day browsing, Chrome for testing, and IE for just remote access to work.

      -MT.

      --
      -MT.
    4. Re:Bonjour by MichaelJ · · Score: 4, Informative

      What the heck are you talking about? Bonjour is a service discovery protocol (mDNS) server and client library. It doesn't pop up anything, and it certainly doesn't install software. If you have a complaint it's with either the Apple Software Update, or some other software update product.

      --

      Michael J.
      Root, God, what is difference?
    5. Re:Bonjour by Toonol · · Score: 4, Insightful

      I occasionally post a negative comment about Apple. Worse, I sometimes post a politically conservative comment. And, yet, my Karma has been excellent for years.

      It may have something to do with (1) sometimes posting worthwhile comments and (2) not being a vulgar idiot.

      Please consider doing either or both in the future.

    6. Re:Bonjour by Kagetsuki · · Score: 2, Insightful

      OK, let's just get this straight here: some people do not like Apple (myself included) and in general negative Apple comments on Slashdot do get modded down regardless of how true they are. Apple is very much a company with a very strong brand image; and their fans seem to feel it's their responsibility to protect that image like a religious belief. So now that you'll understand my viewpoint better when I say I understand twoDigitlw's frustration in his comment and I find your comment to be arrogant. The fact you were modded 5 Insightful is also an expression in the truth of twoDigitlw's post, though it is true his post was Offtopic.

  2. Disable by Itninja · · Score: 5, Informative

    I noticed this a few days ago and had enough. I found the KB article the spells out how to disable and wrote it up here.

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
  3. No surprise there.... by Corporate+Troll · · Score: 5, Insightful

    I inherently distrust download managers. You don't need them. Just give me an http, ftp or (in some cases) torrent download and that's all I need. Download managers are not needed, they are additional fluff for nothing. It gets on my nerves they usually get forced down your throat and you need to jump through hoops on fire to get to a normal download.

    1. Re:No surprise there.... by MightyMartian · · Score: 4, Insightful

      I not only distrust download managers, I don't see the fucking point. To my mind, the only reason any of these guys make them is so they can make back doors to stuff what you don't want with what you do. Naturally these download managers have the potential of being abused either by the company or by some third party exploiting them.

      If I can't download the thing through FTP, HTTP or bittorrent, I'm not interested, period. There's no technical reason for download managers, and thus any company that uses them has some nefarious goal in mind.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:No surprise there.... by Corporate+Troll · · Score: 2, Informative

      No apt-get (or aptitude as you should use) is a package manager. Stuff Adobe gives you, or whatever iTunes installs, or any Windows updater for non-OS software are download managers.

      Go download some drivers at Dell. It will ask you to install a download manager for its drivers. What for? That's a download manager to me.

    3. Re:No surprise there.... by Hurricane78 · · Score: 4, Insightful

      I can explain the point to you:

      See, Linux/BSD systems have this nice thing called a ‘package manager”. And since all software is free, you essentially have a nice “app store”-like interface, where you can install everything (out of currently over 13,000 packages here on Gentoo) you like.

      Then when you want to update things, you can just call one global update program, and be done with it. Everything that has an update available, will be updated. With tons of options on what you want to block, what you want to allow despite it being marked as unstable, etc, etc, etc.

      After a while, when your rule set is stabilizing, and you routinely do those updates, you start to feel the natural need to automate it. (Unfortunately, most Windows users lack that need, since they are trained to use a PC like an appliance.) So you automate it.

      Now of course, big companies get all wet or stiff down there, when they see such a system. But since there is no such thing for Windows, they try to imitate it with such a download manager. Badly.

      But since everyone rolls his own thing, does not give you any control, and they don’t understand all aspects of package management anyway, you get a mess of tons of stupid background processes doing stupid (and sometimes useful) things without asking you.

      This is a opportunity that Microsoft clearly missed. Sure, they have Windows Update, which is not that bad and does the job for Windows itself, plus some drivers. But they should have offered a real package manager, and allow others to integrate into it. That would have given them big plus points from companies and users.

      And now we’re in the mess.
      But hey: You can still make some room and install a beginner-friendly Linux distribution, to go to, when you start pulling hairs again. :)

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    4. Re:No surprise there.... by gknoy · · Score: 2, Interesting

      Conversely, they know that a major subset of their users are like my father.

      When Itunes wants to be updated, it says, "Hey! Update me!". My father says OK, and a browser opens. He has to find the download link (took him a while to realize that was what needed doing). Then, he has to save it locally. Then, he has to FIND the file and actually run it. Some users think that after they've downloaded it, it's installed - whoops. If they do actually think they need to run it, sometimes they have a hard time finding it.

      Download managers are a superb annoyance to power users like you or me, but are a great asset to users like my father. It downloads stuff in the background, and then says, "Hey, I have an update -- want me to install it?" Or, even better, "I've automagically updated your software to be more awesome."

      Sure, sometimes they lie about it being more awesome, or don't tell that Lame Things are being installed. That's a problem, but it's a flaw of execution rather than a fundamental flaw of download managers themselves.

      I'd even like a download manager, if it could be centrally arranged (so I didn't have Adobe, Real,Apple, Opera, Windows and Java all wanting to auto-update stuff). The only reason I DON'T use them is because they always pop up at a time when I want to get work (or play) done, and I usually don't CARE about whether I have the latest and greatest JVM or Quicktime or Flash or Acrobat Reader. (I *should* care about the adobe products, given their level of exploitability, but I don't often read PDFs, and when I do it's with Foxit.)

    5. Re:No surprise there.... by westlake · · Score: 4, Insightful

      If I can't download the thing through FTP, HTTP or bittorrent, I'm not interested, period.

      You aren't the market. The non technical end user is the market. The user who isn't even aware that his PC has an FTP client - and won't install one short of being forced to do so at gun point. The geek lost this battle along about AOL 3.0 for Windows.

    6. Re:No surprise there.... by Bagels · · Score: 2, Insightful

      Just wanted to note that Microsoft does actually have a 'Microsoft Update' system that will update other Microsoft products (Office, Visual Studio, etc) installed on the system. I don't think it's available for pre-Vista systems, and it's a far cry from apt-get and the like, but it's a step in the right direction.

      --
      --- Bwah?
  4. DLM? No thank you by Anonymous Coward · · Score: 5, Informative

    I've always distrusted Adobe simply for pushing the Google Toolbar, or these days McAfee. An easy way to get Reader or Flash without getting stuck with their stupid and unnecessary DLM is to cancel the first download, and then "click here if your download doesn't start". That way you only get the installer you wanted, not all the other crap they're trying to push on you.

  5. A minor nit by cpt+kangarooski · · Score: 5, Informative

    Adobe is about 28 this year. It's Photoshop that is 20.

    --
    -- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
  6. Re:DLM? No thank you by MonTemplar · · Score: 2, Insightful

    Ironically, the first time I tried DLM, it didn't work. So now I know to bypass that and hit the direct download link instead for what I can there for.

    -MT.

    --
    -MT.
  7. Adobe also uses Akamai Download Manager by Anonymous Coward · · Score: 5, Interesting

    That's two strikes now for Adobe. As TFA says, Adobe also uses the Akamai Download Manager for downloads from the Adobe Store. This thing installs itself and runs *forever*, not just for the download you paid for in the store.

    It has a P2P mode where client machines (that's *you*, sucker) distribute the downloaded software using your bandwidth in the background. Is there an icon in the taskbar letting you know? Nope, it runs silent and deep (it does show up as Akamai something-or-other in Process Explorer).

    It's like running BitTorrent and donating your bandwidth to Akamai and their friends. Except not on purpose.

    But hey, you probably clicked through a EULA that you didn't read, so it's all on you right?

  8. The Tragedy of Adobe by CuteSteveJobs · · Score: 2, Informative

    Instead of getting off my lawn, sit down and I'll tell you kids a story: In the Good ole days Adobe and it's founder John Warnock (or Warnock's Algorithm fame) were heroes. At the time most of us had ugly dot matrix printers and fixed fonts, they came up with the PostScript printer description language and many beautiful fonts. Buy a Postscript printer and you could print beautiful documents previously only typesetters could. When Apple licensed it for their laser printer desktop publishing took off. Warnock cared about beautiful fonts. Postscript was a full-blown programming language, yet a very efficient one. PDF itself *is* Postscript, just encapsulated in a file.

    But Adobe then isn't Adobe now. Their Adobe Reader is an appalling, fat, unresponsive hard to drive piece of software. Ever configured options? There are twenty off preference pages with no coherent grouping. They still haven't grasped things like reopening the document where you last were reading it, or letting you add bookmarks. Instead they've loaded Adobe with a tonne of "features" to the point it's now a trojan horse vector. The company itself is no longer a source of innovation: Instead they just buy out other companies (like Macromedia Flash) and then run them into the ground. Their software uniformly suffers from appalling GUIs (or if it doesn't when they buy it, they shortly will) e.g. Photoshop, but when you're that big you can afford to be that arrogant. People will buy your software anyway, because they don't have a choice.

    Yes, there are some PDF Reader imitators like Foxit Software. While they're much faster, they have copied the Adobe interface instead of themselves innovating.

    The Adobe Updater is an intrusive pain in the ass. In a previous version, you had to connect to the net and then connect to Adobe to turn off the Updater. This was "free" software, so this wasn't for licensing: It was just lame in-your-face programming by lame programmers. If you try and deleted the Updater yourself, it reinstalled itself. In the end I found out if you deleted it (in your Program Files directory) and then replace plain files with directories and directories with plain files so when it goes try and reinstall itself Windows tells it to get lost.

  9. Adobe Reader 9 Installer by cvtan · · Score: 3, Insightful

    There is a folder sitting on my desktop called Adobe Reader 9 Installer (>100meg). Can I get rid of this? I don't know what is going on with Adobe. The pdf reader used to be a lean secure program and now it's turned into some huge hideous beast that tries to sing and dance. Sigh.

    --
    Sorry, but gray text on gray background is making my eyes bleed.
  10. Re:Free software by couchslug · · Score: 4, Informative

    "Anyway to get them for "force" a free download of PhotoShop?"

    No, but blocking the proper entries in your hosts file as someone might do who didn't want Adobe warez "phoning home" would take care of unwanted "updates" nicely.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  11. Google Pack not cool, Firefox Check for Updates is by spage · · Score: 2, Insightful

    When I tried Google Pack I found it didn't bundle the latest versions of the software it installs, so several immediately had to download additional updates!

    At one point my Windows PC had 7 different update programs running: Adobe Acrobat updater, Apple Updater, Flash updater, GoogleUpdate.exe and GoogleUpdaterService.exe, Java update (jusched.exe?), LavaSoft Ad-Aware updater, Symantec LiveUpdate (AluSchedulerSvc.exe?), ThinkVantage updater, Windows update. And that's after I turned off several others in MSCONFIG and Services.

    Firefox/Thunderbird/Mozilla's Help > Check for Updates... is the best Windows updater. It only runs when the application runs, it downloads a minimal diff, it prompts you to restart the application and self-updates (unlike some updaters that make you re-run a ^%$#$@! full-blown uninstall/installation program and ask you stupid questions that make no sense in an update), and it doesn't leave megabytes of crap lying around (I had five 70MB Java versions in C:\Program Files\Java and more crap in C:\Program Files\Common Files\Java\Update\Base Images).

    (I'm now on Kubuntu and KPackageKit, not perfect but an improvement in many ways.)

    --
    =S