Adobe Gets Regular On Security Patches

dasButcher writes "Adobe joins Microsoft and Oracle on regularly scheduled security patch releases. The first set of patches for Acrobat and Reader are scheduled for today, and Adobe will release future patch batches quarterly."

Acrobat Reader is crap

[deemen]

Good for Adobe, but Acrobat is crap anyways. It takes forever to load up and uses way more system resources than it should. Foxit Reader [foxitsoftware.com] is what you should be using.

Re:

[Anonymous Coward]

Reader might be crap, but Acrobat Professional has only a handful of competitors with equivalent feature sets. And then you can get into programs like Pitstop Pro, which cost twice as much as Acrobat Pro (but are absolutely essential if you need the features for real prepress work).

Re:

[JustOK]

kinkos can print word docs

Re:

[ThrowAwaySociety]

kinkos can print word docs

Printing a Word doc at Kinkos is like hiring chef Emeril Lagasse to serve you McDonalds food on a silver platter.

If you're going all the way to Kinkos to print something professionally, you probably want some control over what the output is going to look like. Word gives you none. A Word document can look different on two computers running the same version of Windows and the same version of Word with the same fonts, just because your default printer is different.

Re:

[Anonymous Coward]

The phrases "real prepress work" and "Word docs" have no reason to ever appear anywhere near each other. It reminds me of a guy applying for a sysadmin job at Google saying "I know how to use Norton."

Re:

[Celeste R]

Kinkos can't print all of the feature bloat that Adobe has put into its PDF format though.

How do you print a sound clip?

Re:

[JustOK]

no prob:
http://gizmodo.com/372994/earliest-audio-recording-resurrected-scares-the-genitals-off-us [gizmodo.com]

150 year old technology.

Re:

[EkriirkE]

Duh, etching like a phonograph

Re:

[EraserMouseMan]

It's a shame that such a tiny stupid little document reader has so many issues that it has to have regular patches & security updates. I can understand regular updates for an OS. But a glorified doc reader?

Re:

[jonwil]

The problem is all the crap Adobe has shoehorned into the PDF format like JavaScript and all those plugins. If PDF went back to what it should be, a document format with no extra crap, the problems will go away.

PDF and Acrobat need to go back to a core focus on being a way to represent documents and other things in a way that looks the same no matter what OS, screen resolution or browser you are running and ditch all the extra garbage that has made Acrobat and Acrobat Reader so bloated.

Re:

[Celeste R]

That glorified "doc reader" can do far more than you think, Adobe makes it possible to have a document in a file, with all of the features of a website.

Yes, it's "only a glorified .doc reader", but only things as powerful as TeX and such even compare. This is akin to saying "MS Word is only a glorified .txt reader".

Re:Acrobat Reader is crap

[geminidomino]

That glorified "doc reader" can do far more than you think, Adobe makes it possible to have a document in a file, with all of the features of a website.

And that's a good thing... why,again? PDF is supposed to be a portable doc format for predictable, portable printing, not a blasted website.

Re:

[LordLimecat]

<quote>That glorified "doc reader" can do far more than you think, Adobe makes it possible to have a document in a file, with all of the features of a website.</quote>
Sounds like something thats a browser's job. I had always understood PDF's purpose to be creating a "virtually printed" file--basically, how it appears in the reader IS how it will appear when printed. Why the hell is javascript involved now? Or is it people about 10 years ago completely forgot the point of a PDF

Re:

[MrNemesis]

I also used to use Foxit, but found an even more lightweight reader in the form of Sumatra PDF:

http://blog.kowalczyk.info/software/sumatrapdf/index.html [kowalczyk.info]

For the 99% of us that only read PDF docs, it's the fastest and least resource hungry PDF viewer I've ever used, plus the benefit of open sauce. IIRC even Foxit's fallen foul of some of the same vulns as acrobat.

FYI I've also got a full fledged version of Acrobat for when I do tech writing or annotate some of our existing docs, and I've never noticed any dif

Re:

[maxume]

Reader 9 improves loading speed quite a bit (even after the preloader is turned off). On a system with a couple of gigabytes of ram, it doesn't use a punishingly large amount of resources either (who doesn't upgrade to 2 gigs when it costs $25?).

Re:

[Chabo]

People who are still using DDR ram or older, which doesn't cost $25 for 2GB.

I'm upgrading this fall, I swear! ;)

Re:

[Donniedarkness]

I just wish they didn't package it with crap toolbars and such. I recommend it to people all the time, though, and I just make sure to warn them to read the install prompts.

Only quarterly???

[davidwr]

Quarterly makes sense for non-security patches but for critical security patches I hope they go "off-cycle."

For critical security vulnerabilities, I would like a beta patch OR workaround ASAP and a tested patch as soon as practical.

Re:Only quarterly???

[Drakkenmensch]

Quarterly makes sense for non-security patches but for critical security patches I hope they go "off-cycle."

Once per quarter is already a huge improvement on their previous schedule of not at all even when thousands of computers were getting infected by virus-ladden rigue PDF files.

Re:

[Culture20]

That's not a fair characterization. They planned a security update to be released a month later. A MONTH. And they did suggest turning off a feature that never should have existed and is not trivial to turn off remotely.

Re:

[Drakkenmensch]

I'm sure that's great comfort to all the people whose computers were infected in all the weeks that have gone by since this viral exploit was uncovered and put to destructive use.

Re:

[Rich0]

The real mess is a lack of package management on Windows.

On virtually any linux distro I can type one command and have the system check for security updates and provide me a list of all packages that require security updates. Another command will apply those updates. If I'm REALLY brave I can just put it in cron and have it just email me what its doing after the fact (not always wise - some linux distros sometimes break booting with core package upgrades). A different variation on the same process could

Slow news day?

[Rogerborg]

So, they're going to delay security updates until the next scheduled patch-o-rama?

Or are they going to release "critical" updates as needed, thus making a mockery of the schedule?

Either way, I find it hard to care one way or another. Can you find some way to tie this story to the OLPC, or Futurama?

Too much time.

[Deathlizard]

Although Quarterly is a start, it should be carried out on a monthly basis or at least have a plan for immediate release if an exploit goes wild.

Acrobat and Flash are some of the most used Apps second to MS products. They should at least be on par with their patching policy.

Adobe Gets Regular

[andrewd18]

"In light of its age and recent back-end irregularity, Adobe Acrobat Reader has promised to start taking steady doses of Metamucil."

Too slow

[gubers33]

Although it is good to see that Adobe is getting on a security release schedule, but they need to be better in patching their applications. The PDF flaw came up earlier this year they took far too long to release a patch, I recall patching my systems with private patches because Adobe took so long. The releases should be monthly or weekly if it is a serious vulnerability.

Adobe gets regular

[Celeste R]

My first impression was "it's that time of month?"

Patching would could be a non-issue...

[geekmux]

Ah, anyone remember the good ol' days of Adobe, when it was just a fucking reader??

Sorry if I'm being crass, but a damn PDF reader should not be 100MB worth of installer followed up with 20MB "patches". Damn Adobe v5 installer was 5MB, and guess what? v5 does everything I need it to do, and would likely suffice for 95% of Adobe users who do nothing more than view PDFs.

Everything else is going low-cal, low-carb, lite and dry, how about a simple PDF reader?

Re:

[buchner.johannes]

evince?

I mean for PDF readers you have a choice, I find these hundreds of megabytes for updating the .NET-Framework (MS Update) rich. I don't download that.

Re:

[Minwee]

Everything else is going low-cal, low-carb, lite and dry, how about a simple PDF reader?

Not a problem. Just try applying one of the patches found on this site [pdfreaders.org] to substantially upgrade the performance and reliability of Acrobat Reader. To avoid system instability you may need to uninstall your old version of Acrobat before upgrading.

About F*CKIN Time!

[hesaigo999ca]

Being the #1 worst application for vulnerabilities, meaning that its market share makes it installed on 99% of all pcs, you would think there long list of vulnerabilities would have made this a necessity years ago, but it is good news, maybe they will be a little more
up to date with their unit testing, and develop better then average sandboxes to test all the drive by execution flaws they have.

Colon-Blow?

[motherpusbucket]

"Adobe Gets Regular On Security Patches"
Is Adobe taking a fiber supplement? Cool! Maybe it will quit constipating my f*cking computer!