Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Introduces the Paid Security Fix

Posted by timothy on from the sure-would-be-a-shame-if-somethin'-was-ta-happen dept.

Nimey writes "Adobe has posted a security bulletin for Photoshop CS5 for Windows and OSX. It seems there is a critical security hole that will allow attackers to execute arbitrary code in the context of the user running the affected application. Adobe's fix? You need to pay to upgrade to Photoshop CS6. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources."

17 of 392 comments (clear)

  1. What a scam by StillNeedMoreCoffee · · Score: 5, Insightful

    I can see it now, all software vendors are going to introduce security flaws or wait until one is discovered to release the next paid upgrade release.

    I think a class action suit is in order for all the holders of the older version. It their software causes a security hole and if one person gets hammered by it then like the car companies having to recall and fix cars, software vendors will have to do likewise.

    Are you listening Adobe.

    1. Re:What a scam by aaronb1138 · · Score: 5, Interesting

      I just go with a policy of buying new copies of software every several versions. If I need a feature or bug fix from a version in between buying cycles, I have no moral issues obtaining an upgrade through alternate channels.

      Pretty much the way I look at it is, if I buy a product with a manufacturer defect, there should be no limitations on my ability to obtain a refund for the product. In the case of software, I don't find it unreasonable to skip past the unreasonable methods I would need to pursue to obtain a refund and purchase a fixed version.

      Lemon laws don't exist to protect consumers from the idea that an automobile is a failure, but rather to prevent consumers from being burdened by unreasonable processes for obtaining a working automobile pursuant to the arrangements they made at purchase.

      Also, no one should ever feel respect or bound to an EULA. The practice itself is inherently outside of common and established legal practices. If I were presented the license at the time of purchase, prior to paying, I might be able to respect it. Based on the concept of the EULA, I could have my PC pass a counter EULA to the installer or e-mailed to the vendor which outlined my requirements of their software in order to occupy space on my hard drive. If the installer continues, can I not consider their consent to be implied.

      It's the same reason, no one thinks twice about installing an ad-block on their browser. They have a right to control what content runs and executes on their computing device. I've voiced the opinion for quite some time that advertisements which attempt to get around ad-blocking actually constitute violations of most computer hacking laws (use of processing time on a computing system without authorization).

    2. Re:What a scam by javakah · · Score: 5, Interesting

      The house analogy is much closer to open source. If you find a flaw in the design, such as that thieves figured out how to pry open the windows, then you can't go back and sue the builders. You can however get new locks, add on new security to the house.

      Adobe though is more like a landlord who is anal about you making any, even tiny repairs. You aren't allowed to make any changes to the house itself. You find out that thieves have figured out how to pry open the windows. You report this to your landlord, expecting them to make appropriate repairs. They refuse to make reasonable repairs, but tell you that they have a different property for rent, with better secured windows, if you are willing to pay higher rent.

      The issue is that since they do not give you the source code to even allow you to make repairs, they should be obligated to make repairs themselves for a decent amount of time.

  2. Re:Call it the Microsoft method by Anonymous Coward · · Score: 5, Informative

    Sorry but Microsoft does the best at offering security fixes at no cost. I can't think of another company that does it better than Microsoft.

  3. Fuck you, Adobe! by Narcocide · · Score: 5, Interesting

    Since I can't mod Adobe "-1 flamebait" I'll just say it again. Fuck you, Adobe! I'd like to go on record as stating that you should all be ashamed of yourselves.

  4. Call it the /. method by Moheeheeko · · Score: 5, Insightful

    When you have nothing to say, blame Microsoft.

  5. Re:Glad I'm using the GIMP... by robot256 · · Score: 5, Insightful

    And everyone who downloaded it illegally will just download CS6 in response. Oh, and half the people who paid for CS5 will probably do the same thing. Great move, Adobe.

  6. Re:Car analogy by The+Infamous+Grimace · · Score: 5, Insightful

    No, but I could have my identity stolen, bank accounts compromised, vital information about friends/family/co-workers/customers stolen, etc. Looking only at one extreme possibility (or non-possibility, as you used) is, well, pretty damn narrow-minded.

    --
    Ignorance and prejudice and fear
    Walk hand in hand
  7. This is nothing new by SmallFurryCreature · · Score: 5, Insightful

    There is an old story I will retell that should serve as a warning for all customers.

    Once upon a time, there was a transport company employee charged with replacing a large segment of the companies trucks made by Volvo. The employee, being a bright individual called up a sales clerk from Ford that had been trying to get a foot in the door and asked him to send three Ford trucks for testing. The day the Volvo sales clerk came to make discuss the purchase of new Volvo trucks, these three Ford trucks happened to be parked on the lot. When the trucking company employee saw the Volvo sales clerk glance at them, he said "Yeah, the boss has been looking them, he seems to think they are an alternative worth looking into. But that is for later, lets discuss the deal you were going to offer us".

    In another company far far away, an CTO who loved IBM hardware knew it was time to discuss the purchase of new hardware, so he ordered an underling to set up a trial project with HP servers, just to see what the competition was doing. When the IBM man came by he of course showed him the workfloor including the corner where the junior was working on those shiny new HP servers, "Got to give the kids their toys to play with " the CTO told the IBM sales clerk. "Btw, what was the price you were going to ask for again".

    But in the dark and damp lands of Mordor, a very different tale was playing out. There the CTO invited the MS and Abobe sales clerk and proudly showed them how his entire business depended completely on their software product and how not only did they need the software to work flawlessly or they would be bankrupt in seconds, all the staff could only use the latest software and their customers demanded that they use the latest software. "BTW", The CTO asked, "what was that deal you wanted me to sign in my own blood again while bending over"? And there was much rejoicing among the Tribes of MS and Abobe, for they knew exactly who was calling the shots. One lockin to rule them all and in Eula bind them. For the users of MS and Abobe where greedy and feeble minded and could not break free of the spell.

    ---

    Really, this is nothing new. In the land of NAS and control systems, this is par de course. You let a supplier control you, control you they will. Want to break free? Good luck, your company needs the new version, license or risk being unable to produce so you hand them the cash and lock yourself in just a little bit more.

    Not a SINGLE Photoshop user will invest in his own freedom by making sure there are alternative methods to do his production. They will grind their teeth buy the latest version and invest yet more to make sure their production is entirely locked into Adobe clutches.

    Cue countless protests about how there are no alternatives... no, there are none because any who dares to try is ridiculed for not instantly producting a 100% compatible product for free because freedom should be free of effort and cost.

    You gave Adobe the control, enjoy it.

    It is not as if you are alone. Governments often dictate that procurement must be regulated, meaning that once a procurement contract has been done, all interest in customer satisfaction goes out the window because the contract is fixed, can't be ended and renewal depends solely on the price offered (not charged) so fuck you peon.

    I seen it to often in other industries, entire production line depended on one type of machine, fired your own maintenance team and anyone who could switch them out with other hardware. Goes, the "extra" charges sure went up a lot didn't they? Suddenly maintenance must be done by their certified team, at weekend charges.

    Lockin, avoid it or pay the price.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

    1. Re:This is nothing new by Anonymous Coward · · Score: 5, Insightful

      No, but if everytime a Photoshop user spent $2000 on updating to the latest version of Photoshop, they also sent a $100 check to the GIMP developers with a note explaining why they don't use GIMP... then pretty soon they wouldn't have to pay for Photoshop because GIMP would cover their needs (assuming enough Photoshop users did that, of course).

  8. Re:Call it the Microsoft method by Galestar · · Score: 5, Informative

    I'm sorry, but even "Non-Genuine" copies of Windows still get security fixes. There is no comparison here.

    Windows: Pirate our software, we'll still give you security fixes (although we might put a watermark asking you to stop pirating it)
    Adobe: Buy our software, but you only get security fixes if you give us even more money.

    Hell, MS gives security fixes even to XP until 2014 (13 years after its release). CS5 is less than 2 years old.

    --
    AccountKiller
  9. Re:This is not new by Overzeetop · · Score: 5, Insightful

    More importantly, if you bought CS5 for $2000 just three months ago, you have to pay to upgrade. It's like your iPhone 4 warranty running out when the 4s was released, even if you just purchased a v4 a couple weeks before hand.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  10. Re:Call it the Microsoft method by exomondo · · Score: 5, Insightful

    If it's broken, get them to buy something to fix it.

    Oh come on, this 'oh Microsoft is just as bad' is the biggest cop-out. In this case it's just a blatant lie, CS5 was released early 2010 and this announcement means they've discontinued support for it, Windows XP was released in 2001 and is still supported now and will be until mid-2014.

  11. Re:Call it the Microsoft method by acoustix · · Score: 5, Insightful

    MS security fixes are not "no cost".

    They just look cheaper on the surface, because the cost is amortized across BILLIONS of forced Windows licenses, instead of MILLIONS of Photoshop licenses.

    Three orders of magnitude is very large in real life.

    Does not compute. Windows XP has been around for a decade. XP will have received "free" updates for 12 years when support is finally dropped. On the other hand, Adobe Photoshop has had 8 major version releases during that time. According to Adobe's website site, 4 of those versions are no longer supported...and apparently we need to add another few versions to the list.

    Bitch about MS all you want, but their support of security fixes for Windows and Office has been excellent compared to companies like Adobe. If I were a Photoshop user I would have spent thousands of dollars to keep my version in support compared to the $200 that XP costs up front. And yes, it really isn't fair to compare OS support to application support.

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
  12. Re:Call it the Microsoft method by Anonymous Coward · · Score: 5, Insightful

    You're not a programmer, are you?

    You certainly know nothing about how impossible it is to write "perfect" software.

  13. Re:Call it the Microsoft method by chipschap · · Score: 5, Insightful

    "Bitch about MS all you want, but their support of security fixes for Windows and Office has been excellent compared to companies like Adobe"

    I have to agree, MS has indeed patched XP for a long time. MS gets lots of practice in patching security holes but to their credit (I never thought I'd say that about MS!) they have not charged anything for it. I can't even complain about them dropping support for XP in 2014; they've carried it for a long, long time and that is pretty responsible behavior (given the very slow move away from XP). Neither did they need to provide patches to pirated versions, but they did that in the best interests of the worldwide computing community.

    IIRC Adobe is not the first to pull this "buy the new version" stunt.

  14. Re:obvious.... by makomk · · Score: 5, Insightful

    Look at the release date of Adobe CS6. It was released on the 7th of May, basically just a few days ago. Now look at when the bug apparently reported to them - back in September of last year! It looks very much like Adobe have delayed fixing a serious security vulnerability until they could get away with charging users for the fix.