more bloat, more bugs..
These guys issue more updates than Microsoft these days, I can't keep up with them. No wonder Apple wishes Flash banished. No doubt when the sandbox technology makes its appearance the download will probably double in size.
Adobe has confirmed reports that yet another unpatched vulnerability in the latest versions of its ubiquitous software is being actively exploited to infect end users with data-stealing malware. The vulnerability exists in Adobe's Reader document viewer and Flash Media Player for Windows, OS X and Unix operating systems, Adobe …
When M$ is having to help you with security because you are making their platform look insecure you know you have problems. Seriously though M$ unlike Adobe has come a long way in taking security seriously and though still fairly bad it has actually improved somewhat. Nice how the short term gain of moving development to India to boost executives bonuses is now biting them hard in the butt. Get mine right now and screw everyone else attitude why western civ is starting to decline.
Working in a security team is usually a depressing experience - under-resourced and fixing crap mistakes made by people who should have known better; not being allowed in to the design and review cycle early; etc.
And now you report it as if they are the ones to blame.... look higher up the tree and earlier in the process!
Have you ever tried to get time and budget to refactor old code? Or offer management two solutions:
Quick 'n' dirty.
Slow but well implemented.
Guess which they go for every time? Try and point out that the slower solution will be more future-proof and what's their response? "Doesn't matter - we can just factor the issues into development time for the next project".
The only projects I've worked on where the team was allowed to make quality and future-proofing a priority are those where the engineers ran the team. That's happened twice in the last 25 years.
Microsoft gives away a product called document viewer that does not have VBA capability and is a fairly safe way of looking at a possibly compromised DOC file.
Perhaps Adobe should do the same and make a product for looking at PDFs; I don't know what they would call it though, any suggestions?
It wouldn't be so bad if Adobe would make these things updateable using WSUS or something, but their whole world vision seems to be that every user is the admin on their PC and they can do these things by themselves, making us poor sysadmins either push them out using pstools or run around from workstation to workstation every week. This increases the consumption of beer. Maybe Adobe is in cahoots with the major breweries?
been recently pwned by the ramnit virus, if only m$ had designed the damned operating system so that users couldn't alter core system files without using a password.
Oh and the code that ate my system was a VBscript consisting of
Check for SVChost (windows only thing i guess)
Load data into memory
exec svchost linked to the data
How ****ing stupid is that ?
Any software designers that allow that sort of thing to happen ought to be taken out and shot.
I won't mention what should be done with the virus creators, but it does involve the hand grenade
svchost.exe is a generic application used as a host for DLLs (Windows shared libraries). DLLs can't be run directly from Windows; they have to be loaded and executed from some other executable. svchost.exe is an executable designed for that purpose.
At any time there will be a pretty long list of instances of svchost.exe, each of which is running one or more services from their respective DLLs. This virus was set up to run this way. It looks like from your description the data loaded into memory was the image of a DLL and svchost.exe was then induced to run it as such.
I understand the need for svchost but the reporting leaves a lot to be desired. TaskManager should be able to do better than just say 'svchost'. It ought to be able to list the DLLs it's hosting as a minimum. Ideally there should be a utility (maybe svchost itself) that can display the DLLs along with a meaningful description.
You mean like the Task Manager on Se7en does if you ask it nicely what that particular "svchost" is doing?
XP types can swap the XP Task Manager for the Sysinternals (now MS TechNet) Process Explorer to get the same functionality, showing the tasks hosted and allowing you to drill down and view the individual threads that it's fired off.
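The svchost comments above, as an added example that is not part of any poster's comment: a PowerShell sketch that lists which services and service DLLs each svchost.exe instance hosts and flags instances that do not fit the normal pattern. It assumes a Windows host with the CIM cmdlets (PowerShell 3 or later), and the three checks are triage heuristics chosen for this example, not a complete detection.

```powershell
# Added example: list what each svchost.exe instance hosts and flag odd ones.
# Run from an elevated prompt so ExecutablePath is populated for every process.
$hosted = @{}                                   # PID -> service names
foreach ($s in Get-CimInstance Win32_Service) {
    if ($s.ProcessId) { $hosted[[int]$s.ProcessId] += @($s.Name) }
}

$procs = Get-CimInstance Win32_Process
$nameOf = @{}                                   # PID -> image name
foreach ($p in $procs) { $nameOf[[int]$p.ProcessId] = $p.Name }

# Locations where a genuine svchost.exe image is expected
$legit = 'System32', 'SysWOW64' | ForEach-Object {
    Join-Path $env:SystemRoot "$_\svchost.exe"
}

$procs | Where-Object { $_.Name -eq 'svchost.exe' } | ForEach-Object {
    $svcNames = $hosted[[int]$_.ProcessId]
    # ServiceDll under ...\Services\<name>\Parameters is the DLL svchost loads
    $dlls = foreach ($n in $svcNames) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$n\Parameters"
        (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    }

    $flags = @()
    if (-not $svcNames) { $flags += 'no registered service' }
    # PIDs are reused, so a mismatched parent is a lead, not a verdict
    if ($nameOf[[int]$_.ParentProcessId] -ne 'services.exe') {
        $flags += 'parent is not services.exe'
    }
    if ($_.ExecutablePath -and $legit -notcontains $_.ExecutablePath) {
        $flags += 'unexpected image path'
    }

    [pscustomobject]@{
        PID      = $_.ProcessId
        Parent   = $nameOf[[int]$_.ParentProcessId]
        Services = $svcNames -join ', '
        DLLs     = $dlls -join '; '
        Flags    = $flags -join '; '
    }
} | Sort-Object Flags -Descending | Format-Table -AutoSize -Wrap
```

An svchost.exe that hosts no registered service and was not started by services.exe is the pattern the script-launched instance described above would show; flagged rows still need confirming in Process Explorer before acting on them.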
The one being developed on the freshly-Borged other.
According to popular myth even a bunch (sorry, troop) of monkeys with typewriters can get it right now and again! I don't even know if I can be bothered installing another Adobe update - what is it going to do next? Jeez, my PC needs more attention than my freaking kids nowadays! Pity I can't use 2 WTF Icons at the same time?
If/when Linux ever becomes a massively popular OS (i.e. gains market share at least vaguely close to Windows) then bugs in Flash will matter more. It's a shame Linux hasn't achieved that kind of adoption really. It'd be very interesting to see how it would withstand the onslaught from hordes of Bad People(TM) once they thought enough people were using it to make it a worthwhile target.
PDF was a Portable Document Format. But Adobe want more money, so they want to sell upgrades, so they need new features that the marketing department can stick on the box.
They ran out of useful new features years ago and now keep sticking more crap that has nothing to do with documents into Acrobat. Who asked for Flash, video, sound in PDF files?
sorry but Adobe flash and Adobe reader are pretty ubiquitous in the online world - to view flash video and read PDFs - as such, a vast majority of systems on the web have such tools installed to make the web useful - and thus are prime targets for hackers.
okay...so you remove them - and their replacements are targeted instead - and that will be FoxIt too if it was worth it. and if not flash, then it'll be the browser itself - mark my words, the video components of new browsers will be seriously tested with HTML 5 and MP4 codecs being probed and attacked. the old MacOSX security myth is also slowly being eroded. Safari and Quicktime having quite a few updates in the past year already.
Your theory is only partly tight - of course virus writers go for the biggest return (i.e. maximum number of users and/or biggest value targets to hack open).
But it also fails to weigh up the relative underlying quality of code in different cases. If product A had hundreds of exploitable bugs, but product F only a few, even if they were of equal popularity you can work out which is going to be getting pw0ned more often.
Adobe's problem is they have so much dumb stuff in Acrobat (as already pointed out, who actually wants scripting and application running in a document reader?) and it appears to be written by incompetent monkeys, a combination guaranteed to FAIL.
RE: "How many more times... ...does this have to happen? Dump Flash, dump Adobe, and dump Windows at the same time, for good measure. Security problem solved."
For 6 months, until the guys writing the exploits stop aiming at Windows and instead start aiming at supposedly secure operating systems. Firefox on non-windows operating systems was shown to be vulnerable to the same 0-day that some script kiddie went after a few days ago.
The only difference was his malware was windows only. When malware starts becoming cross platform and includes Linux, then you're going to start needing to install proper AV on Linux :(
Why? Is it PDF that's broken, or is it Adobe's recent readers?
I still use Acrobat 5. It does what it says on the tin. It loads quickly and then it reads documents, and that's about all it does. Until it stops working (and it still works with pretty much every PDF I ever needed to read) then I stick with it. There's a lot of PDF out there and it's not going away anytime soon, even if Adobe Reader is.
Builds for windows here:
Adobe stopped adding useful things at around version 3 or 4 of reader. Since then, they have simply been 'embracing and extending' their own open format, in order to ensure that only Adobe Reader is able to process them (think gov.uk 'secure pdf' forms).
They are like Microsoft 10 years ago, except seemingly without any competent code monkeys.
I got several like this yesterday (2 versions with different download addresses but both resolving to the same URL). Sender name given as Adobe Support or Adobe News
"Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.
To upgrade and enhance your work productivity today, go to: http://www.adobe-acrobat-new-download.com"
(the other address: http://www.official-adobe-software.com)
Adobe don't publish any email addresses on their website so can't advise them of the spam.
While I'm not "a friend of Adobe" (with particular reference to their policy of translating already high USD price to GBP price by changing the currency symbol) nor do I have any time for a spam-promoted alternative. And who knows what malware it may include... At least the official product only contains bugs and vulnerabilities! And at least we get to hear about them and Adobe will probably release patches.