Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Reader X With Sandbox Due In November

Posted by CmdrTaco on from the i-like-the-dump-truck dept.

Trailrunner7 writes "Adobe will finally release the new version of its Reader software — which will include the much-anticipated Protected Mode security feature — next month. Adobe Reader X will include a number of other new features in addition to the sandbox feature. Adobe officials have been discussing Protected Mode for several months now and said early on that it would be included in the next version of Reader, but had never set a time line for the release of Reader X. Now, the company says the new version will be available in November, although no specific date was announced."

110 comments

  1. At Last! by WrongSizeGlass · · Score: 3, Interesting

    At last ... the malware writers will have a new challenge, and just in time for those long holiday weekends. I'm betting they find a way around Adobe's "sandbox" before the end of the year. Adobe used to make very good software - now they make very exploitable software.

    1. Re:At Last! by ByOhTek · · Score: 4, Funny

      The big question is... Which will be released first?

      The new version, or the exploits for the new version.

      --
      Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
    2. Re:At Last! by Anonymous Coward · · Score: 0

      The big question is... Which will be released first?

      The new version, or the exploits for the new version.

      Chicken or the egg, cluck cluck cluck ...

    3. Re:At Last! by MoonBuggy · · Score: 4, Insightful

      Adobe used to make very good software - now they make very exploitable software.

      They still can make good software, which they proceed to sell for very large quantities of cash. What I don't really understand is why they ever updated PDF beyond being a simple document format - it introduced all of these vulnerabilities, and gave them a lot more work to do on their free reader software, for little real value. What was wrong with just keeping it as a simple extension of postscript?

    4. Re:At Last! by grub · · Score: 1


      What I don't really understand is why they ever updated PDF beyond being a simple document format - it introduced all of these vulnerabilities

      There would be no money in the long run had they released "Reader v1.0" and turned off the lights.

      --
      Trolling is a art,
    5. Re:At Last! by JeffSpudrinski · · Score: 1

      What you say is very true, but at least there's an effort on Adobe's part.

      Albeit a long overdue and woefully underpowered effort...but an effort nonetheless.

      Just my $0.02.

      -JJS

    6. Re:At Last! by rudy_wayne · · Score: 1

      hey still can make good software, which they proceed to sell for very large quantities of cash. What I don't really understand is why they ever updated PDF beyond being a simple document format - it introduced all of these vulnerabilities, and gave them a lot more work to do on their free reader software, for little real value. What was wrong with just keeping it as a simple extension of postscript?

      Like any product, they have to keep producing new versions with new "features" so that existing users will want to upgrade. Otherwise everyone would still be using version 1.0 and Adobe wouldn't make any money. Unfortunately this creates the existing cycle of constantly introducing new exploitable bugs which must be patched.

    7. Re:At Last! by MichaelKristopeit+14 · · Score: 1

      all software is a sandbox for itself... adding another layer of equally exploitable bloat is not a feature.

    8. Re:At Last! by arth1 · · Score: 2, Funny

      It's called "feeping creaturitis". You have to come out with new versions in order to sell, and new versions need something new. It's easy for things that absolutely don't belong to creep in, when you've run out of good ideas.

      Remember Lett's Law: "All programs evolve until they can send email."
      (And my corollary: "Except Exchange")

    9. Re:At Last! by JonySuede · · Score: 2, Interesting

      postscript is already turing complete...

      --
      Jehovah be praised, Oracle was not selected
    10. Re:At Last! by MoonBuggy · · Score: 1

      I wouldn't have thought there was any money at all in the reader itself. The less work to do on it, the better.

      I suppose perhaps they were trying to drive sales of the full version of Acrobat, but then I don't see who would really purchase that specifically when there are plenty of free/extremely cheap methods to export to PDF from your document creation software of choice. It seems foolish to have screwed over a perfectly good format in an effort to salvage sales a largely redundant piece of software - it's the kind of behaviour that I would understand if Acrobat were their main or only product, but when they've got Photoshop, Illustrator, InDesign, Premiere, and the like I don't see the need for it.

    11. Re:At Last! by phantomcircuit · · Score: 1

      They added the new features to sell upgrade of their document production software.

    12. Re:At Last! by neumayr · · Score: 3, Informative

      Acrobat isn't replaced by "Print to PDF". Not by a long shot.
      If all this extra functionality is actually needed, I do not know. But making PDF popular is part of what lets them sell their ADEPT DRM solution, and I'm sure that's making them a pretty penny.

      --
      Truth arises more readily from error than from confusion. -Francis Bacon
    13. Re:At Last! by Skuld-Chan · · Score: 5, Informative

      Having worked on Adobe Acrobat (and Reader) for the last 8 or so years (my name is in a good chunk of all the release credits since version 5 or 6) the feature to add form support was added in version 3 (which came out in the mid 90's) as an addon.

      It was added for the same reason a lot of features were added - to extend the product compete in a specific marketplace - specifically places where forms are displayed. Same reason a lot of features in a lot of products are added - to make more money in another market.

      Where I work now they use a development kit from Datatel called Colleague - most of what it does is display forms from a pick database and read or save these fields (it has scheduling, accounting/ap/ar etc as well built in). You could in fact use Acrobat to display these same forms. And if your migrating from a paper based workflow - you can in fact scan all these forms in, add a bunch of fields with whatever logic JS provides (and in turn hook that into whatever logic livecycle server provides) and you have an electronic version of the paper form you used to file away.

      That was in fact (as I recall it was a while back) the marketing pitch.

      It does work too - there's even support for SAP. At one point the IRS had grand visions of filing all your taxes electronically with it (but since we can't have nice things in this country that got canned) - so it does have a lot of potential. Since something like 90% of all PC's have some version of Reader - it's an excellent target platform if you want to display paper like forms on the net.

      But like ANYTHING that has any kind of outside connectivity it's vulnerable to attack. People on here always herald other technologies as they would save us from whatever we use now, but its just a matter of what is and isn't the target. Acrobat 4 and 5 had massive vulnerabilities, but no-one ever complained about rogue pdf files because it wasn't a target. I remember the first big vulnerability on Acrobat 7 - it wasn't sanitizing inputs (it does now!) and allowed a PDF to execute commands on the PC (very similar to the bobby tables comic). After that exploit - the blood was in the water and everyone and their sister wanted to poke away at the code to find new ones (and being a very old product it has plenty of them...).

    14. Re:At Last! by pclminion · · Score: 3, Informative

      PDF is not an extension of PostScript. There is a superficial similarity between the PDF content stream format and PostScript, and although this was done deliberately to make printing PDFs to PostScript devices simpler, it is not a real derivative of PostScript. For instance, there is no operand stack, and there are no control flow or looping constructions.

      A PDF file is essentially an object-oriented database. Some of the contents of this database are graphics operator streams which are syntactically similar to PostScript. That is where the similarity begins and where it ends.

    15. Re:At Last! by Anonymous Coward · · Score: 5, Insightful

      So why is it that Acrobat reader is 200mb and takes forever to install, and installs several other adobe products with it and then requires admin rights to install updates so it always gets outdated and becomes vulnerable?... it's because it has become bloatware. Just like Quickbooks, it just keeps getting slower and slower and slower, and contains more features that 90% of users wont ever use.

      SumatraPDF is like 1.5MB and installs in less than 5 seconds and opens instantly

      Perhaps there should be a Lite version of Adobe Acrobat for people who just want to view PDF files... we could call it "Adobe Acrobat Reader"

    16. Re:At Last! by ByOhTek · · Score: 2, Interesting

      Do you define the species of an egg by what produced it, or what came out of it?

      If the former, the chicken. If the latter, the egg.

      --
      Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
    17. Re:At Last! by gad_zuki! · · Score: 1

      To be fair, they're using MS's protected mode which IE uses and from what I've gathered there haven't been any exploits that break through it. Please note add-ons do not run in protected mode, so if something is targeting your Java or Adobe Reader then those run normally.

      Protected mode allows very limited access to the OS and forces a broker process to handle anything that interacts with the user's system. Yes, its hackable like most things in life, but its a pretty smart design that I think will limit exploits on the Adobe product. The downside is that its only Vista/7 (?) and it doesn't address the fatal mistakes Adobe is making - allowing javascript by default and using a piss poor updater. Adobe should really just shift to using MS's Windows Update and be done with it.

      Right now Java and Adobe Reader/Pro/Standard are the two most exploited apps according to Brian Krebs. Shifting to X should help end users keep their systems safe.

    18. Re:At Last! by arndawg · · Score: 1

      Microsoft and Google helped them on this sandbox so I have faith that this is a step forward.

    19. Re:At Last! by BlitzTech · · Score: 1

      Don't forget Zawinski's Law of Software Envelopment:

      Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.

    20. Re:At Last! by waddleman · · Score: 1

      BTW. I filed last year taxes with the IRS using this feature. See the free file fillable forms options. The forms do a lot of the basic math calculations also.

    21. Re:At Last! by Anonymous Coward · · Score: 0

      What if the egg contained twin embryos, one of which is a chicken by all modern definitions, and one of which is a throwback chicken-precursor that cannot successfully reproduce with chickens but can successfully reproduce with a certain set of chicken-precursors?

      What then?

      (I acknowledge I have no idea if chicken fraternal twins can happen that way and suspect they cannot, and that the scenario is pretty ridiculous)

    22. Re:At Last! by RDW · · Score: 2, Interesting

      The really irritating thing is that if you do need the full Acrobat package you have to buy an upgrade as soon as your version is EOL'd, even if you're perfectly happy with its features, because there'll be no more security updates to fix whatever gaping vulnerability has been discovered that week. Since they release a new version about every two years, and only support it for 5 years from first release, if you buy a version towards the end of its release period you could have as little as 3 years before the damn thing is too dangerous to have on your system.

    23. Re:At Last! by Quiet_Desperation · · Score: 1

      I went to a connector manufacturer web page the other day for a data sheet, and they had 3D models of the connector in PDF format. You could open it op and rotate the 3D model around in a PDF. Didn't work worth a damn on a six month old PC with an i7 and gobs of RAM and a moderate graphics card, so I had to wonder what the point was. Our mecha guys are just going to import the real models into Pro-E anyway. I can get the gist of a connector from a good 2D CAD drawing.

    24. Re:At Last! by hairyfeet · · Score: 1

      Uhhh...Foxit has had "safe mode" for quite awhile now, and with safe mode no external commands are allowed which kills malware dead in its tracks since it has no way to call functions outside the reader. It also has ASLR and DEP in the versions of Windows that support those features, making it even harder to exploit. so what exactly does having it sandboxed do that makes it safer than the current Foxit?

      Not trying to advocate one or the other here, as I gave up on reader around version 6 (whichever one started using quickstarter crap) for me and my customers and strictly give them Foxit unless requested otherwise but I really haven't gotten a chance to study sandboxes in depth, so I'm curious: Does one automatically give advantage over the other? Or can an app with good security measures like Foxit give an equal level of security? Since I'm on Windows 7 running Comodo everything is sandboxed by default anyway so it won't affect me personally, but for my customers on XP it'd be good to know.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    25. Re:At Last! by DrSkwid · · Score: 1

      Or these days :

      All software expands until it reaches Twitter.

      which includes hardware :

      http://www.reghardware.com/2010/10/15/lexmark_twitter_printer/

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    26. Re:At Last! by Anonymous Coward · · Score: 0

      So sort of like Ubuntu LTS versions then. 3 years and then too dangerous to run. Unlike the non-LTS versions which are 18 months and then too dangerous to run. What was your point? Was it that vendors eventually stop patching old crap? Well duh!

    27. Re:At Last! by Matt+Perry · · Score: 1

      Having worked on Adobe Acrobat (and Reader) for the last 8 or so years (my name is in a good chunk of all the release credits since version 5 or 6)

      Aha! So you are to blame! Get him, boys!

      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    28. Re:At Last! by BitZtream · · Score: 1

      So why not just use HTML, its penetration rate is higher than PDF, has more software for displaying it, and does pretty much all the same shit ... oh, and most browsers have some sort of security mechanisms built in.

      Its neat that you worked on Acrobat and its dirty children, but don't you think you could have spent that time doing something better than reinventing the wheel in a substandard way?

      Whats great is that you take credit for a bunch of work in acrobat, then proceed to point out (probably not intentionally though) how shitty the code is and how it missing basic freaking common sense bits like input sanitization.

      The blood was in the water because it became blindly clear over night that you and your team had no clue how to write code used in an untrusted network environment.

      PDF wants to be HTML, just using PostScript instead, and it sucks at it. Much like Flash, PDF needs to die.

      I could continue on about all the other retarded things Adobe does (Has Adobe Reader's install bloated past 300meg yet? WTF) but why bother.

      Little hint: Don't brag or tell people about your time at Adobe, only idiots will find it impressive.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    29. Re:At Last! by BitZtream · · Score: 1

      Yea, so uhm, its based on PostScript then isn't it? You know, PostScript but different ... so it could be sent to PostScript printers easily ...

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    30. Re:At Last! by Anonymous Coward · · Score: 0

      Having worked on Adobe Acrobat (and Reader) for the last 8 or so years (my name is in a good chunk of all the release credits since version 5 or 6) the feature to add form support was added in version 3 (which came out in the mid 90's) as an addon.

      Oh I'll bet you have tons of friends in the IT world. :p

      On a more practical note, I would not brag about that here. To these people, "It's shitty because it's popular" is not a valid defense for a bad document viewer any more than it is for a bad OS.

    31. Re:At Last! by pclminion · · Score: 2, Informative

      It's "based on PostScript" in the same sense that Windows 7 is "based on DOS." The relationship is minor, incidental, and as a matter of fact, not even guaranteed going forward. PDF has a concept of a "ProcSet," a set of macros which are exported to a PostScript device prior to sending a page content stream. These ProcSets used to be mandatory. They are no longer required and are now considered deprecated. What it means is that natural PDF content streams are no longer directly usable by PostScript printers. This divergence will most likely continue.

      If you like, I can also present an experiential argument. I have spent a lot of time implementing code which manipulates PostScript, PDF, and several other page description languages. I can say from experience that the supposed similarity between PostScript and PDF is of absolutely no help in implementing either of them. They are completely different things.

      It's like saying that Java and C++ are based on each other because their syntax looks similar. It just isn't the case.

    32. Re:At Last! by peragrin · · Score: 1

      because unlike HTML PDF prints the same every time?

      There is a reason why every major printer/press uses PDF. because of postscript it prints the same way every time. no other document format today does that.

      what I wish is that it didn't take the full version of adobe to make PDF forms. That you could make them just as simply as one makes regular PDF's

      --
      i thought once I was found, but it was only a dream.
    33. Re:At Last! by Anonymous Coward · · Score: 0

      "Perhaps there should be a Lite version of Adobe Acrobat for people who just want to view PDF files... we could call it "Adobe Acrobat Reader""

      It's call Preview :o)

    34. Re:At Last! by Aquina · · Score: 1

      Exactly! I guess they will never ever get that damn thing safe enough to compete with evince, kpdf or whatever. Honestly the only reason to use that Adobe Acrobat Reader crap is because it supports dozens of non-free features; that whole scripting and stuff. When I try to print out a document from my post office to send a package or something I will always have to call them for sending me a non-script version of the document. I doubt they will ever listen to their customers or take their security more seriously...

    35. Re:At Last! by Ant+P. · · Score: 1

      Is that the DRM I can turn on and off at will in Okular using a checkbox in the options window?

    36. Re:At Last! by Freultwah · · Score: 1

      Perhaps there should be a Lite version of Adobe Acrobat for people who just want to view PDF files... we could call it "Adobe Acrobat Reader"

      And somewhere along the way, like in 2003, we could drop "Acrobat" from the reader's name to make the product even leaner and lighter.

    37. Re:At Last! by Skuld-Chan · · Score: 2, Informative

      Reader 9 is 90 megs, not 200... The actual viewer itself is about 20 megabytes - the rest are plugins which you don't need to view pdf files.

      You could roll your own Adobe Reader lite - all the plugins are windows installer components - you could actually build your own reader lite and roll it out to your own organization - patches will still work like normal.

      On my Dell Optiplex 980 - cold start of reader 9 is instantaneous so not sure what to say there. They really do measure start performance of the app in testing. Reader/Acrobat 9 only load the modules they need on the fly - with version 8 and before yes I'd agree it was a startup mess.

      Why is it so big? Sumatra PDF just views PDF files - it doesn't support annotations, it doesn't support secure PDF files (windows/mac crypto intergration) it doesn't support 3d annotations, it doesn't support forms (no 3rd party viewer supports XFA forms yet), it doesn't have any connectivity options etc etc etc - I could literally go on for pages.

      Yes all these things were at one point customer requirements - some were rather big customers.

      I know people want a smaller viewer - you can roll your own easily, but as to why Adobe doesn't do it? No clue - haven't worked there in many years but I suspect it comes down to the amount of testing time. The test matrix for Reader is already 25 languages on well over 60 different platforms (3-4 different versions of linux, every distribution of Windows 32/64 - including server OS's back to Windows 2000, and every version of OSX - including PPC - for 9 since its a hybrid app).

    38. Re:At Last! by Skuld-Chan · · Score: 1

      Hardly ;) - my main job was to triage enterprise support issues (which meant writing and analyzing bugs, debugging problems, sometimes even traveling on site etc). As such - I worked closely with the developers on the product itself (a lot of fixed bugs, new features - stuff like that I owned the process on :)).

    39. Re:At Last! by Skuld-Chan · · Score: 1

      Well you can't overlay a form field on a scanned form in HTML with exact positioning (you might be able to now, I have no idea).

      Also you have to remember in 95 - html forms were primitive at best. A lot of these solutions were developed a long time ago and still have to be supported.

      Its a very similar situation with Flash vs. HTML-5. Flash solved a problem HTML could not at the time so it had a lot of adoption in places HTML-5 is slowly catching up on now (if that makes sense).

      Also another big thing - the developer tools for Acrobat forms were better than HTML tools.

      But I totally agree - there are plenty of places PDF forms have been used that HTML forms would have been better served.

    40. Re:At Last! by metrix007 · · Score: 1

      Actually, evolutionarily, the chicken came first.

      http://www.msnbc.msn.com/id/38238685/ns/technology_and_science-science/ [msn.com]

      The chicken would have had to have the mutation necessary to lay the egg in the first place.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    41. Re:At Last! by BitZtream · · Score: 1

      Wrong. Adobe reader has done a REAL good job about maintaining compatibility, which is fairly easy in its case.

      Start using different viewers and PDF starts to look different.

      You want HTML to always print the same? Simple, specify a single browser to use and documents will always print the same there too.

      Now I realize your point is that PDF is consistent and browsers very widely, but the only reason that is true is because one company controls the PDF format and the move standard forward internally without nearly as much jockeying around trying to get their personal patented bits into a 'public' standard.

      Theres no reason why HTML can't be this way, except people (browser vendors) don't follow the standard and extend it on their own.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    42. Re:At Last! by Anonymous Coward · · Score: 0

      Are you refering to the document security flag?

      ADEPT DRM a little more than a flag, but it's DRM nonetheless - inherently broken: http://i-u2665-cabbages.blogspot.com/2009/02/circumventing-adobe-adept-drm-for-epub.html

    43. Re:At Last! by ByOhTek · · Score: 1

      Sorry, don't have flash. If that is talking about the eggshell protein, the logic is idiotic, and demonstrates either a reporter too eager to say something, or a scientist too desperate for funding and speaking out his ass.

      --
      Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
  2. laughable. by Anonymous Coward · · Score: 0

    trying to patch up a rotten-to-the-core, leaking disaster? i smell failure on top of failure. a rewrite is the only solution, from bottom up.

  3. tl^2 by Anonymous Coward · · Score: 0

    Too little, too late.

    Anyway, given Adobe's past record, this probably will still make a vanilla chroot look like a bulletproof security measure.

  4. Putting the rotten, festering tomato in a can... by carlhaagen · · Score: 1

    ...will surely make it more attractive and suitable for consumption. Good one, Adobe.

  5. Too little too late. by Anonymous Coward · · Score: 0

    Even my Moms has switched to non-Adobe pdf software.

    1. Re:Too little too late. by Anonymous Coward · · Score: 0

      Even my Moms has switched to non-Adobe pdf software.

      So, which is the best (secutity-wise) non-adobe reader?

    2. Re:Too little too late. by Anonymous Coward · · Score: 0

      Okular

    3. Re:Too little too late. by Anonymous Coward · · Score: 0

      Even my Moms has switched to non-Adobe pdf software.

      Thats because she owed me money, and i told her switching was the best way to pay me back.. also tell her i said hi!

    4. Re:Too little too late. by Hal_Porter · · Score: 1

      She's switched to non "your Dad" men too.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  6. when your os... by Anonymous Coward · · Score: 1, Insightful

    ...makes you always run with admin rights ( they should toss that policy out the *window*), individual programs have to act like little operating systems and do their own rights separation.

    1. Re:when your os... by afidel · · Score: 3, Insightful

      Windows hasn't done that since 2000 if you know what you are doing.... Even less so for Vista/2008 and up.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    2. Re:when your os... by the_womble · · Score: 1

      True. I had to click some extra buttons to edit a config file on Vista. It was damn difficult to figure what to do though - how one edits a file as admin was far from obvious (no equivalent to "edit as root" in a Linux file manager).

      Of course, on Mandriva I could change the same config (the hosts file) in a GUI so I would not need to edit as root anyway.

      I was also amused to find that Windows copies Unix files structure in having a partial equivalent to /etc (though its buried several layers deep) called \etc nin which the hosts file sits.

  7. Hmm by Anonymous Coward · · Score: 2, Interesting

    Maybe they can make it a more reasonable size? Who needs a 60MB file reader?

  8. This is good but.... by mark-t · · Score: 3, Interesting

    ... I'm still waiting on acrobat reader for x86_64 Linux. While there are other PDF readers for Linux, none of them that I've found work properly with documents that use layering features apparently only found in Acrobat.

    --
    File under 'M' for 'Manic ranting'
    1. Re:This is good but.... by Anonymous Coward · · Score: 0

      In the long term it, it will be more effective to ask the Evince or other open source pdf viewers to support such a feature. If you get this x86_64 binary that supports this feature, then your documents may not work on your later ARM based PC, and others may not be able to read your doc as they use common open source readers.

    2. Re:This is good but.... by Skuld-Chan · · Score: 1

      Wow seriously? How about Adobe Reader for Linux?

    3. Re:This is good but.... by Anonymous Coward · · Score: 0

      exactly, dont know why anyone needs a 64bit binary for acrobat, its a fucking file reader

    4. Re:This is good but.... by Joseph+Vigneau · · Score: 1

      Looks like it's a 32 bit app, not an x86_64 app. Not good if you're running a pure 64-bit environment.

    5. Re:This is good but.... by Hal_Porter · · Score: 1

      Well if you want to run Acrobat, don't use a pure 64 bit environment.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    6. Re:This is good but.... by the_womble · · Score: 1

      Why not? It works (on most distros), and its hardly performance critical.

  9. Gasp! by Quiet_Desperation · · Score: 3, Funny

    And little does anyone suspect that Reader X is actually Speed Reader's long lost brother!

    1. Re:Gasp! by Nimey · · Score: 1

      ror

      --
      Hail Eris, full of mischief...

      E pluribus sanguinem
    2. Re:Gasp! by Culture20 · · Score: 1

      Twice as funny if you imagine it in the voice of the Micro Machines guy.

    3. Re:Gasp! by Quiet_Desperation · · Score: 1

      ROR? Raph Out Roud? That seems vaguely racist. Hey, I tease.

      Seriosuly, though. Rate of Return? Ruby On Rails? Rotate Right? Help a brother out here.

    4. Re:Gasp! by Nimey · · Score: 1

      I believe the first one was the original. It's a common expression on another site I'm on.

      --
      Hail Eris, full of mischief...

      E pluribus sanguinem
  10. Great! by Local+ID10T · · Score: 4, Insightful

    New Adobe Acrobat Reader X!

    Slower and more bloated than ever before!

    New holes to exploit*!

    (*old holes still included)
    ...yeah, I'll stick with Foxit Reader.

    --
    "You want to know how to help your kids? Leave them the fuck alone." -George Carlin
    1. Re:Great! by hcpxvi · · Score: 2, Informative

      Oh so nearly Haiku! Let's try again:

      Adobe Reader X
      Slow, more bloated than before
      New holes to exploit


      Darn. You have to pronounce "Adobe" as "A-dob".

    2. Re:Great! by Anonymous Coward · · Score: 0

      Adobe RX
      Prescription for more exploits
      Take before breakfast

    3. Re:Great! by Skuld-Chan · · Score: 1

      I don't get this - seriously. Foxit often has the exact same exploits as Reader does - remember that postscript font bug/exploit Reader had? Foxit had it too, they fixed it a whopping 3 days faster than Adobe, and Adobe has to support about 24 more languages than Foxit does.

    4. Re:Great! by Abstrackt · · Score: 1

      Darn. You have to pronounce "Adobe" as "A-dob".

      And a haiku traditionally contains a word or phrase that symbolizes or implies the season.

      The new Reader X
      Still bloated like a dead cow
      More holes than swiss cheese

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
    5. Re:Great! by rekenner · · Score: 1

      Yeah. Ironically, FoxIt is now ... getting to the bloat and vulnerability of Adobe. So, it too has been replaced by another slim PDF viewer. I use SumatraPDF, personally. It's quick, small, and doesn't have enough features to be vulnerable.

    6. Re:Great! by eulernet · · Score: 1

      and Adobe has to support about 24 more languages than Foxit does.

      I don't understand what languages have to do with a patch in the code, or do you mean that the language resources are coded into the source itself or, even worse, that there are 24 different versions of the source ?

      The problem is not that Adobe took 3 more days than Foxit, the problem is that Foxit has patches easy to deploy, and Acrobat Reader hasn't, so any new exploit will work for a lot of time.

    7. Re:Great! by (Score.5,+Interestin · · Score: 1

      Yeah. Ironically, FoxIt is now ... getting to the bloat and vulnerability of Adobe. So, it too has been replaced by another slim PDF viewer. I use SumatraPDF, personally. It's quick, small, and doesn't have enough features to be vulnerable.

      I dropped Foxit for the same reason. I'm using STDUViewer, which isn't quite as... quirky as Sumatra, which seems to go out of its way to do straightforward things like text selection in as nonstandard a way as possible.

  11. Re:Reader X? Next Lawsuit by hcpxvi · · Score: 0, Offtopic

    Apple sues for the use of "X"
    Followed closely by that company that makes the X-box. What were they called, now? ISTR them having a lot of lawyers. I don't imagine that the current providers of the X Window System will bother.

  12. I think I speak for all of us by cerberusss · · Score: 1

    I think I speak for all of us when I say: Fuck you Adobe, fuck you and your stupid software. Which makes both our work and our private lives miserable with its gazillion security holes, one worse than the other.

    When I hear the word Adobe, I think of problems. That's the mindset you created.

    --
    8 of 13 people found this answer helpful. Did you?
    1. Re:I think I speak for all of us by Culture20 · · Score: 1

      When I hear the word Adobe, I think of problems. That's the mindset you created.

      Agreed. CS4 on Windows had a workaround method to update products remotely via command line (by downloading updates from their website). CS5 on Windows has those updates absent from the website. So we have to either grant access to the adobe updater program to run as admin for everyone and teach them to update (and scan to make sure), or manually use the GUI overselves on end users desktops. WTF? I bet the Mac version is just as foobared, but at least you can just ARD-push the application directories after updating on one computer (Curse Windows and its myriad folders and registry settings).

  13. A better protected mode by Dystopian+Rebel · · Score: 2, Insightful

    OS X - built-in Preview app
    Linux - Evince, several others
    M-Windows - Foxit, Sumatra

    The alternatives are so much better than Adobe Acrobat Reader that I think we can now say that the alternatives are the market and Acrobat Reader is the poor alternative.

    --
    Rich And Stupid is not so bad as Working For Rich And Stupid.
    1. Re:A better protected mode by blindbat · · Score: 2, Insightful

      Unless you work in the printing field. If so, all of the programs you list fail miserably at rendering the files. On both Mac and Windows.

    2. Re:A better protected mode by LWATCDR · · Score: 1

      Which very few of us are.
      The problem with Acrobat is simply feature bloat. Most people need a program that will let them read PDFs. That is it.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    3. Re:A better protected mode by Kurt+Granroth · · Score: 1

      I think most people can agree that for most purposes, any alternative to Adobe Reader is going to be faster, smaller, and more secure. But let's not delude ourselves into thinking that just because we're not using Reader that we're completely safe from PDF exploits. Witness the recent XPDF vulnerability that affects nearly every Linux-based PDF resource:

      http://securitytracker.com/alerts/2010/Oct/1024526.html

      We're safe from a "security through obscurity" point of view (why bother writing an exploit for such a tiny market?) but this exploit is at least as bad as most of the Reader ones.

    4. Re:A better protected mode by internettoughguy · · Score: 1

      OS X - built-in Preview app
      Linux - Evince, several others
      M-Windows - Foxit, Sumatra

      The alternatives are so much better than Adobe Acrobat Reader that I think we can now say that the alternatives are the market and Acrobat Reader is the poor alternative.

      Add Chromium to that mix too; it now supports PDF, and is available for all of those platforms.

  14. Re:Reader X? Next Lawsuit by arth1 · · Score: 1

    More likely is that Apple will come out with their own not-entirely-compatible Acrobat reader, which sneak-installs QuickTime, iTunes and a web browser, and everyone will hail it as the best thing since sliced bread...

  15. Awesome. by blair1q · · Score: 1

    Protected mode involves having a separate process brokering write requests from the document viewer to the OS.

    Because that's just what a bloated resource-hog like Acroread needs, is a whole layer of IPC and ACL in the most basic of places...

    Why does anyone use PDF anymore anyway?

    1. Re:Awesome. by Anonymous Coward · · Score: 0

      Because it displays perfectly everywhere.

    2. Re:Awesome. by blair1q · · Score: 1

      For inexact values of "perfectly" and "everywhere".

    3. Re:Awesome. by Anonymous Coward · · Score: 0

      Stop making my sentences wrong by changing their correct meaning. I've never seen a PDF display improperly on any reader.

    4. Re:Awesome. by blair1q · · Score: 0, Troll

      My mistake. I should have said, "for ignorant values of 'perfectly' and 'everywhere'."

    5. Re:Awesome. by sexconker · · Score: 0

      Stop making my sentences wrong by changing their correct meaning. I've never seen a PDF display improperly on any reader.

      Horse shit.
      I have come across many a PDF that:

      Wouldn't display, at all.
      Wouldn't load the embedded fonts.
      Wouldn't properly apply the security restrictions.
      Wouldn't stop rotating pages when physically printed, despite any combination of rotation options across the PDF reader and the printer driver.
      Wouldn't kern a bog-standard font for shit. I shouldn't have to zoom to 125% or something to get the word "failure" to stop rendering as "fa i lur e".
      Etc.
      Etc.

    6. Re:Awesome. by Anonymous Coward · · Score: 0

      Stop making my sentences wrong by changing their correct meaning. I've never seen a PDF display improperly on any reader. That's a fact, not an opinion, and it's not ignorance, just 'bad luck' I guess. I deal with good readers and good files apparently.

    7. Re:Awesome. by DragonWriter · · Score: 1

      Why does anyone use PDF anymore anyway?

      Because no one has come up with a replacement technology that maintains PDF's strengths while having a compelling-enough set of advantages to get people to change.

    8. Re:Awesome. by blair1q · · Score: 1

      No, it's still ignorance, because it's not the fact that was in question, which was "it displays perfectly everywhere."

      So I again amend my remarks.

      "for deliberately self-unaware and/or ignorant values of 'perfectly' and 'everywhere'".

    9. Re:Awesome. by Anonymous Coward · · Score: 0

      Wrong again. I wouldn't not say "It displays perfectly everywhere" from now on, but "It has always displayed perfectly everywhere for me" (which is the obvious meaning, anyway).

      Ironic of you to call me ignorant as you bury your head in the sand.

    10. Re:Awesome. by blair1q · · Score: 1

      If you wanted to say that in the first place you would have. Instead, you said what you said, and it was an ignorant tautology, as you've proved by changing what you would say, now that you know you were wrong.

      As for whose head is in the sand, you have worms in your teeth.

    11. Re:Awesome. by Anonymous Coward · · Score: 0

      I didn't want to say that in the first place, you forced me to clarify because you're too much of a thick idiot to understand me. I said something about a product, obviously it reflects my own experience with it. In my case, I've never seen PDF break, so I mentioned to the poster above that it's one of the reasons why people use it. As for the "correction", it's not a tautology when it clarifies the meaning for people too stupid to comprehend it themselves, and calling me ignorant because I've never had PDF breakage is pretty much as dumb as you can get. More power to you if it means you can change people's meanings to twist it wrongly though. Your head isn't in the sand after all, it's up your ass.

  16. Reader X Updates coming soon... by digitaldc · · Score: 1

    So how many minutes will it be before we have to update Reader X after we install it?

    --
    He who knows best knows how little he knows. - Thomas Jefferson
    1. Re:Reader X Updates coming soon... by Teufelsmuhle · · Score: 1

      I bet it won't be long. I also bet that when I install the update, it will place another stupid Adobe Reader shortcut on my desktop.

    2. Re:Reader X Updates coming soon... by Anonymous Coward · · Score: 0

      And re-insert speed loader into the background start-up programs.

      Every Adobe update requires trashing the new icon and disabling the speed loader yet again.

    3. Re:Reader X Updates coming soon... by Anonymous Coward · · Score: 0

      The problem is not the update itself, but the process to upate Acrobat.
      You have to install updates all the previous ones before installing all the latest update.
      Right now, If you have Acrobat 9.0 you have to installed 10 updates before installing the last one (9.4)...

  17. Sumatra - too dumb to exploit. by Animats · · Score: 1

    Sumatra - it's so dumb that the Adobe exploits don't work. No forms. No plug-ins. No cut and paste. No networking. All it does is display PDFs in a separate window. Which, 99.9% of the time, is all you want.

    I don't even have Adobe Reader installed on my Windows 7 machine.

  18. More Bloat for Adobe Bloatware by BuckaBooBob · · Score: 1

    Its shocking to see other PDF reads that are as small as 1 Meg and how well they work compared to Adobes 100+ Meg install of a reader..

    A Sandbox sound like another awesome way to make a simple document reader even bigger.

    As it is now When I see someone using Acrobat I cringe and inform them there are alot of PDF readers out there that do a great job... and when they load one of them up they are amazed how fast PDF's open..

    The general Public needs to be informed that there are Better and More Secure PDF readers out there that are in pretty much every way better..

    --
    Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
  19. WTF? Why? It's a READER!!! by CPE1704TKS · · Score: 1

    This is getting ridiculous! I want Adobe Acrobat to just take a PDF and DISPLAY IT. I didn't sign up for all this bullshit with javascript, adding a service into my already crowded memory space that checks constantly for updates, etc. It's fucking ridiculous!

    All it's supposed to be is a way to format a document. Anything more than that, adding all this fucking unnecessary infrastructure/bloatware onto desktop just makes me crazy! The additional fact that it causes viruses makes me really, really close to saying fuck off to acrobat completely.

    It's as if the reading light switch on your car all of a sudden tried to get fancy, by adding motion detection, but then it needed additional layers to prevent it from draining your batteries it turns on because it detects motion on your car, so you're forced to buy tinted windows, etc, and oh yeah, it can somehow unlock the doors and start your car. It's a fucking utility that has taken on a life of it's own and I've really had to at this point.

    Actually, after this rant I've decided I'm going to uninstall Acrobat immediately.

  20. Re:Reader X? Next Lawsuit by theurge14 · · Score: 1

    That would be a pretty good zinger if Mac OS X didn't already have Preview.

  21. Adobe need a K-I-S-S by Entropy_Storm · · Score: 1

    Heck, if Symantec have started to undo the years of dross they've inflicted on PC users maybe it's time Adobe took a step back and evaluated what they do and do not need in what should be a relatively simple document reader.

  22. Who is the idiot... by FranckMartin · · Score: 1

    ...that decided to put a scripting language inside PDFs?

    Have we learn anything? Do we have to use back postscript for sending safe documents?

    --
    Franck Martin
    Avonsys
  23. alternatives... by DrYak · · Score: 1

    It's call Preview :o)

    or Okular (KDE) or Evine (GNOME) or Sumatra or Foxit (Win32) or even PalmPDF (old school PalmOS) etc.

    it seems that nowaday, everyone is able to make a decent PDF reader (thanks, among other, to Xpdf whose code ended up in poppler). Well except adobe themselves...

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  24. I hope Adobe take advantage of this opportunity... by (Score.5,+Interestin · · Score: 1

    ... to add the 300MB of extra functionality to their reader that they've been holding back on for the last few years (scratch-n-sniff PDF support, essential stuff like that). Releasing a major new version like this would be a golden opportunity to add all the much-needed extras that they haven't dared add so far.