--
I just gotta rant for a couple paragraphs:
The most disappointing thing I learned this week is that Adobe knew about this current crop of security holes last December, 2008. So why are we only learning about it now and only getting patches now. Didn't I say Adobe sucks?
And isn't it amusing that Adobe patched up one slew of security holes last month, and waited on this slew of further security holes. What do they do over at their offices? Argue about whether to patch? How to patch? When to patch? How long can they delay it without people saying 'Adobe sucks"? I know they have a messed up work culture over there. Get with it dummies!
The Patches:
1) Adobe Flash Player v10.0.32.18. There is a special patch for version 9 users to v9.0.246.0.
2) Adobe Air v1.5.2
3) Adobe Reader v9.1.3 - Theoretically available Friday, July 31
4) Acrobat v9.1.3 - Theoretically available Friday, July 31
NOTE: Verify which version you have downloaded. Adobe often don't mark what specific version you are downloading. Instead they may tell you that you are downloading "the latest version" when in fact you are NOT. You need to DIY update whatever you downloaded to the actual 'latest version'. Adobe provide no warning whatsoever. Adobe know about this problem and maybe will stop this practice in the future.
As I say ad nauseam: We're still in the Stone Age of Computing, and in the future they will pity us for the clunky junky stuff we had to put up with. (o_0)
--
Showing posts with label Adobe sucks. Show all posts
Showing posts with label Adobe sucks. Show all posts
Thursday, 30 July 2009
Saturday, 25 July 2009
July's Round of Critical Adobe Vulnerabilities: New, Fresh, Dangerous
--
For those of you who took earlier advice from Intego or myself and killed off ADOBE READER, good work, because Adobe have released yet-another CRITICAL SECURITY ADVISORY! But this time it also includes FLASH as well as Acrobat. You knew it had to happen. Tsk tsk Adobe.
Here is where you can read all about it. I'm not going to quote the advisory. Just know that it was written by someone who is Windows-centric and it provides NO HELP for Mac users. Brilliant! Typical! ... As they say in Britain.
So I came up with my own stopgap probably sort of solution if you insist upon keeping Adobe Reader, Acrobat and the Flash Plug-in on your system. I originally posted this over at MacDailyNews.com. Please note that the preference setting names in Acrobat can be slightly different from the names I provide here for Adobe Reader. Otherwise, the setting changes are identical:
(If you really need to view web page embedded Flash files, try using FireFox running with the latest version of the DownloadHelper extension and download them onto your computer. I love it. Extra crunchy. Also be sure to use the NoScript extension for added safety from bad JavaScript. And be super duper safe by adding on the McAfee SiteAdvisor extension. And to have almost god-like security be sure to add in ...).
--
For those of you who took earlier advice from Intego or myself and killed off ADOBE READER, good work, because Adobe have released yet-another CRITICAL SECURITY ADVISORY! But this time it also includes FLASH as well as Acrobat. You knew it had to happen. Tsk tsk Adobe.
Here is where you can read all about it. I'm not going to quote the advisory. Just know that it was written by someone who is Windows-centric and it provides NO HELP for Mac users. Brilliant! Typical! ... As they say in Britain.
So I came up with my own stopgap probably sort of solution if you insist upon keeping Adobe Reader, Acrobat and the Flash Plug-in on your system. I originally posted this over at MacDailyNews.com. Please note that the preference setting names in Acrobat can be slightly different from the names I provide here for Adobe Reader. Otherwise, the setting changes are identical:
WHAT TO DO, my best guesstimation:Alternatives: Use Apple's Preview to open, view and create PDF files. To play Flash files that are not stuck in web pages, I use MPEG Streamclip. For web page embedded Flash files, you're hosed. Sorry. Write hate mail to Adobe.
Since the information Adobe provided is Windows-centric and a total FAIL for Mac users, seeing as Mac OS X has no-such-thing as .dll files, here is what I guesstimate is what's required to stop this vulnerability:
1) In Adobe Reader Preferences, go to "Multimedia Trust (Legacy)" and UNCHECK "Allow Multimedia Operations". That should kill running any Flash crap in PDF files.
2) In the Preferences, go to "Trust Manager" and UNCHECK "Allow opening of non-PDF file attachments with external applications". That should prevent any embedded Flash crap from running anywhere else on your computer as well.
3) In the Preferences, go to "JavaScript" and UNCHECK "Enable Acrobat JavaScript". That will disable a PDF from even being able to call the Flash plug-in for embedded Flash crap. (Considering the sewer of malware code that JavaScript has become, thank you Microsoft, I'd leave JavaScript off FOREVER if you want to seriously be safe).
*** Or to be extra special safe: Delete BOTH Adobe Reader AND their Flash plug-in from your computer. :-)
AND! Delete these folders, if you've got them:
/Applications/Utilties/Adobe Utilities/Adobe Updater5
and
/Applications/Utilties/Adobe Utilities/Adobe Updater6
AND AND! To be extra special safe, do a Get Info on the Adobe Utilities folder, noted above, and LOCK IT! This will prevent any installers from replacing the nasty Adobe Updater folders and the auto-installation garbage they contain, preventing Adobe from reinstalling Adobe Reader or Flash.
RIP Adobe insecure buggy crapware. :-P
NOTE: If you use other Adobe software, be sure to DIY check for updates on Adobe's website regularly. Adobe has some great software! But they also make some crap insecure software. Protect yourself. :-D
(If you really need to view web page embedded Flash files, try using FireFox running with the latest version of the DownloadHelper extension and download them onto your computer. I love it. Extra crunchy. Also be sure to use the NoScript extension for added safety from bad JavaScript. And be super duper safe by adding on the McAfee SiteAdvisor extension. And to have almost god-like security be sure to add in ...).
--
Wednesday, 11 March 2009
Mostly Harmless: Adobe Updater Requests Administrative Privileges!!!
--
Consider me profoundly ticked off at Adobe. This is the last straw for me regarding their Adobe Updater program. It has now been DELETED off my computer, and I suggest you do the same. I really hope I am being alarmist about what Adobe just tried to pull on me and I get lots of letters ranting at me about my foolishness. But I believe what I just witnessed on my Mac has tipped Adobe into the Evil Zone.
Until then:
Clutch your Mac firmly to your breast. Adobe are coming to take it away.
--
Back Story:
For the last several years it has been at times hell-on-Earth updating Adobe programs via the Internet. I have never, ever seen a more diabolically BAD system for updating programs. I've written to them about it several times as have hundreds of other people.
So this past year Adobe figured out they had a PR problem and offered professionals the opportunity to describe the problems with Adobe's update system. Hundreds of people again contacted Adobe. So everything is going to get all better now. Right?
Adobe wants to rule your Mac:
Tonight I got notification from good old VersionTracker.com that Adobe Reader version 9.1 had been released. It is a critical update that plugs some very bad security holes. Everyone should update ASAP. So of course I did the update.
As per usual, stupid Adobe couldn't do just one simple update, they had to ask me again and again for permission to install stuff. Among the added rubbish was yet another version of Adobe Updater. Clearly, nothing has been improved in Adobe's idiotic updating system over the Internet.
Then came the very-very last step: A box requesting my password, for a SECOND TIME, allowing Adobe Updater to have ADMINISTRATIVE PRIVILEGES, forever!
Stop and consider that a second. An application asked me if it could always have administrative privileges to do whatever it wanted to my computer at any time. IOW Adobe Updater was asking if it could rule my computer. This is called evil. (OK, now you can tell me I'm paranoid. But I don't think so!)
My response:
I canceled the request.
And for good measure I DELETED Adobe Updater from my computer.
Then I wrote the following to Adobe:
I just installed Adobe Reader 9.1 for Mac OS X.And so I have. And if (a big if) Adobe get off the arrogance kick and actually respond, I'll let you know and share what they say. You can start holding your breath . . . NOW.
Why did Adobe Updater ask me for my password so it could run, at will, with Administrative Privileges?
This is profoundly insecure, DANGEROUS and a bad idea in ALL situations.
As a result I CANCELED this privileges request. I also took Adobe Updater and ERASED IT from my computer. Adobe Updater will remain erased from my Macintosh computer until such time as Adobe explains itself regarding this DANGEROUS request. It had better be good. I will be publishing my disgust regarding your privileges request on the Internet and in computer user group newsletters this coming week.
Until then:
Clutch your Mac firmly to your breast. Adobe are coming to take it away.
--
Subscribe to:
Posts (Atom)