ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Acrobat bug can lead to malware installs without even opening an infected file

<< < (5/7) > >>

Josh:
You know, I love threads like this. Please hear me out.

Everytime a company starts out, they have an idea people like. When the idea catches on, they add the features that are requested by the major users of the product. After doing such, many of the smaller people jump ship and complain about bloat. This has happened to windows, this happened to symantec, this happened to adobe, and this happened to pretty much any company that made it big.

I understand the logic in that people want a product to stay small, but for a product to grow and catch new users, the developers have to add the features that are called for. Adobe reader is a fantastic product. I own, and just renewed actually, a license to several foxit products including the reader pro pack and pdf editor. While foxit's products are nice for portability, they do not hold a candle in usability when compared to adobe's products. Yes, adobe has been hit with an onslaught of vulnerabilities lately, but the issue lies deeper than adobe "not trying to find them" or "not filtering the code so they never existed in the first place".

There are only a finite amount of resources available for most companies R&D and testing departments. Beta testing helps alleviate this but it does not find everything. Adobe seems to have received lots of ridicule on this very site for the bugs that have been found. Would it have been nice if they were caught prior to this? Of course. The problem lies in that every piece of software is developed by man. Man is by nature fallible. As such, the software created by a fallible being is in and of itself fallible. How any person can sit and say "With a staff this large they should have caught these bugs" is laughable. There are millions upon millions of configurations that adobe and the beta test team simply cannot account for.

There is a reason Apple has made their software installable on only a limited amount of hardware. If apple had the same amount of hardware to support, they would have the same issues. The issue is not microsoft product centric, it just falls that way because A. Apple controls very tightly what hardware their products will install on without hacking, B. Linux is not supported by many major manufacturers minus the server side because it, in all reality, is not a feasible product for enterprise-wide deployment on a desktop scale, and C. Microsoft, like it or not, is the largest software company in the world and it's products are capable of supporting an infinite number of platform configurations. Microsoft has catered to what it's users want which is an OS which can install on any platform and perform a variety of tasks out of the box. Many of the problems we are seeing in many of these products relate to features which are either new, or very often not utilized as often as people proclaim.

So please, I ask for people to stop saying "Switch to XXX" whenever a vulnerability appears. Switching will not solve anything because as soon as that product makes it big, it will turn into every other product out there. Time has shown this to be definite and inevitable for any software manufacturer which makes it big. Let's focus on helping these companies detect and fix these issues in a timely manner rather than abandoning them because of a few flaws which, in well over half of the cases, never affect anything more than half a percent of the population.

Darwin:
Man is by nature fallible.
-Josh (March 09, 2009, 09:25 PM)
--- End quote ---

Spaek fro yursef.

J-Mac:
<p>Josh, I disagree that Adobe Reader had to grow as large as it has because of disparate user needs. Adobe finally got a little smarter with v.9 by not having so much load every time you open a PDF document, but it still loads way too much. E.g.:

PDF File size = 4.54 MB:  Adobe Reader 8: 46,320 kb; Foxit Reader 3: 8,220 kb

PDF File size = 6.34 MB:  Adobe Reader 8: 47,032 kb;  Foxit Reader 3: 10,456 kb

No file - Just start the app:  Adobe Reader 35,842 kb;  Foxit Reader 3: 3,952 kb

That's just too much of a hit on memory IMO. Not necessary if you are not using any other features. If other users all over the world have differing needs then create modules that can be added as needed.

Jim

f0dder:
While foxit's products are nice for portability, they do not hold a candle in usability when compared to adobe's products.-Josh
--- End quote ---
If you only need PDF reading, and not authoring, just what advantages does Adobe Reader have over Foxit? For my needs, FR is superior to AR because of it's simplicity and smaller size.

While foxit's products are nice for portability, they do not hold a candle in usability when compared to adobe's products.-Josh
--- End quote ---
Perhaps Adobe should spend a bit more time on testing and bugfixing than adding useless graphical glitz (like the skinned crap in recent AR versions).

There is a reason Apple has made their software installable on only a limited amount of hardware. If apple had the same amount of hardware to support, they would have the same issues.-Josh
--- End quote ---
Bullshit. They would have more driver issues, yeah, but software bugs are only very rarely hardware-dependent.

app103:
There is a reason Apple has made their software installable on only a limited amount of hardware. If apple had the same amount of hardware to support, they would have the same issues. The issue is not microsoft product centric, it just falls that way because A. Apple controls very tightly what hardware their products will install on without hacking, B. Linux is not supported by many major manufacturers minus the server side because it, in all reality, is not a feasible product for enterprise-wide deployment on a desktop scale, and C. Microsoft, like it or not, is the largest software company in the world and it's products are capable of supporting an infinite number of platform configurations. Microsoft has catered to what it's users want which is an OS which can install on any platform and perform a variety of tasks out of the box. Many of the problems we are seeing in many of these products relate to features which are either new, or very often not utilized as often as people proclaim.
-Josh (March 09, 2009, 09:25 PM)
--- End quote ---

Looks like OSX, iPhone, and possibly *nix may be vulnerable to this too.

http://isc.sans.org/diary.html?storyid=5932

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version