Comments on: Adobe vulnerability — In perspective http://techlifepost.com/2009/03/11/latest-adobe-vulnerability-%e2%80%94-in-perspective/ Living with technology. Fri, 02 Mar 2012 00:17:39 +0000 hourly 1 http://wordpress.org/?v= By: Didier Stevens http://techlifepost.com/2009/03/11/latest-adobe-vulnerability-%e2%80%94-in-perspective/comment-page-1/#comment-545 Didier Stevens Thu, 12 Mar 2009 19:19:47 +0000 http://techlifepost.com/?p=3272#comment-545 @Jonathon: >I don’t understand why people still use Adobe Reader? PDF’s are > an ISO standard and there are so many smaller, lighter, faster > and feature rich alternatives (FoxitPDF reader) for example. Because most computer users don't understand the inner workings of computers. They don't understand the application document paradigm. If they want to open a document, they double-click it. They don't know that this action will launch an application (Acrobat) that will then open the document (PDF). They just think: the computer opened the document. And if most computer users are not aware of the application & document paradigm, they certainly wouldn't understand switching applications! BTW, I'm not advocating that users should understand the inner workings op computers. @Jonathon:

>I don’t understand why people still use Adobe Reader? PDF’s are
> an ISO standard and there are so many smaller, lighter, faster
> and feature rich alternatives (FoxitPDF reader) for example.

Because most computer users don’t understand the inner workings of computers. They don’t understand the application document paradigm. If they want to open a document, they double-click it. They don’t know that this action will launch an application (Acrobat) that will then open the document (PDF).
They just think: the computer opened the document.

And if most computer users are not aware of the application & document paradigm, they certainly wouldn’t understand switching applications!

BTW, I’m not advocating that users should understand the inner workings op computers.

]]> By: Didier Stevens http://techlifepost.com/2009/03/11/latest-adobe-vulnerability-%e2%80%94-in-perspective/comment-page-1/#comment-544 Didier Stevens Thu, 12 Mar 2009 18:37:18 +0000 http://techlifepost.com/?p=3272#comment-544 A valid reason to switch applications (e.g. Adobe -> Foxit) because of security, is not because the other application has a better security design, but because the other application is much less targeted. But this is a short term tactic. A valid reason to switch applications (e.g. Adobe -> Foxit) because of security, is not because the other application has a better security design, but because the other application is much less targeted. But this is a short term tactic.

]]> By: Evolving Squid http://techlifepost.com/2009/03/11/latest-adobe-vulnerability-%e2%80%94-in-perspective/comment-page-1/#comment-543 Evolving Squid Thu, 12 Mar 2009 16:21:35 +0000 http://techlifepost.com/?p=3272#comment-543 Here's why Johnathon (quote from another message board): >>User 2: The PDF requires a password? EDIT: Strange, the >>PDF reader on my linux machine demands a password, but it >>works fine in Windows... nevermind :P > >User 1: Should only require a password if you're trying >to alter the PDF settings. Should open clean with a >properly compatible reader. That's right... some open source reader couldn't handle a simple v7 PDF that was locked against making changes. And although there is a basic PDF standard that is ISO, the Adobe suite does a lot more beyond just making little files for people to read. I think that in time, third party applications for PDF will come along that are feature-rich and of commercial quality... but we're not there yet. Foxit also has (and has had) a number of security vulnerabilities: http://secunia.com/advisories/search/?search=Foxit the most important of which is this one, updated this morning: http://secunia.com/advisories/34036/ Here’s why Johnathon (quote from another message board):

>>User 2: The PDF requires a password? EDIT: Strange, the
>>PDF reader on my linux machine demands a password, but it
>>works fine in Windows… nevermind :P
>
>User 1: Should only require a password if you’re trying
>to alter the PDF settings. Should open clean with a
>properly compatible reader.

That’s right… some open source reader couldn’t handle a simple v7 PDF that was locked against making changes.

And although there is a basic PDF standard that is ISO, the Adobe suite does a lot more beyond just making little files for people to read.

I think that in time, third party applications for PDF will come along that are feature-rich and of commercial quality… but we’re not there yet.

Foxit also has (and has had) a number of security vulnerabilities: http://secunia.com/advisories/search/?search=Foxit the most important of which is this one, updated this morning: http://secunia.com/advisories/34036/

]]> By: Johnathon http://techlifepost.com/2009/03/11/latest-adobe-vulnerability-%e2%80%94-in-perspective/comment-page-1/#comment-540 Johnathon Thu, 12 Mar 2009 15:03:56 +0000 http://techlifepost.com/?p=3272#comment-540 I don't understand why people still use Adobe Reader? PDF's are an ISO standard and there are so many smaller, lighter, faster and feature rich alternatives (FoxitPDF reader) for example. Once I went Foxit, I never went back. -JM I don’t understand why people still use Adobe Reader? PDF’s are an ISO standard and there are so many smaller, lighter, faster and feature rich alternatives (FoxitPDF reader) for example.

Once I went Foxit, I never went back.

-JM

]]> By: Eric Jacksch http://techlifepost.com/2009/03/11/latest-adobe-vulnerability-%e2%80%94-in-perspective/comment-page-1/#comment-538 Eric Jacksch Thu, 12 Mar 2009 14:52:24 +0000 http://techlifepost.com/?p=3272#comment-538 Interesting point, but since Adobe Reader is free, it's not unreasonable to expect people to upgraded to the latest version. Interesting point, but since Adobe Reader is free, it’s not unreasonable to expect people to upgraded to the latest version.

]]> By: kingthorin http://techlifepost.com/2009/03/11/latest-adobe-vulnerability-%e2%80%94-in-perspective/comment-page-1/#comment-537 kingthorin Thu, 12 Mar 2009 14:26:45 +0000 http://techlifepost.com/?p=3272#comment-537 There's an important piece missing from this article. Yes Adobe has released an update for version 9 of Reader which corrects this issue but how many people are actually using 9? http://blog.threatfire.com/2009/03/pdf-reader-exploitation-2009.html Claims the following stats: Reader v9 less than 1% Reader v8 48% Reader v7 50% Now which should Adobe have put their effort in to patching first? I tried to find "official" numbers but was unable. The numbers above still provide perspective though. There’s an important piece missing from this article. Yes Adobe has released an update for version 9 of Reader which corrects this issue but how many people are actually using 9?

http://blog.threatfire.com/2009/03/pdf-reader-exploitation-2009.html

Claims the following stats:
Reader v9 less than 1%
Reader v8 48%
Reader v7 50%

Now which should Adobe have put their effort in to patching first?

I tried to find “official” numbers but was unable. The numbers above still provide perspective though.

]]>