Adobe to switch on silent PDF updates for Reader, Acrobat
Move takes effect on Tuesday; users will have to configure tool for hands-off updating
Computerworld - Adobe will flip the switch next week on a service that silently updates customers' copies of its popular Reader and Acrobat PDF programs, the company's chief security executive said today.
Background updating in Adobe Reader Updater and the Adobe Acrobat Reader will be enabled on Tuesday, April 13, when Adobe delivers its next regularly-scheduled set of patches for the two programs, said Brad Arkin, the company's director for product security and privacy. "Starting Tuesday, we will turn on the server, and the new updater will take effect," said Arkin.
The move is meant to keep more users' software fully-patched, and thus more secure. Adobe has struggled to keep up with a swarm of vulnerabilities in PDF documents, which according to one analysis, were responsible for 80% of all exploits at the end of 2009.
Last year, the company patched four "zero-day" PDF vulnerabilities -- bugs that were actively being exploited when the fix was released -- and it's patched one PDF zero-day so far in 2010.
Most users already have the new updater on their machines: Adobe started pushing the new tool to Reader and Acrobat customers last October. However, it initially enabled the updater only for a group of invitation-only beta testers; next week will be the first time that it is turned on for the general public.
The biggest difference between Adobe's old and new update technology is that the latter offers a mode Arkin dubbed "silent," which updates the software in the background, without notifying the user or asking for additional permission. The older updater alerted users when patches or a new program version was available.
But out of the gate, users will see little change, Arkin noted. The current updater offers two modes -- a full manual mode where the user must explicitly ask for patches and a semi-automatic mode that notifies the user before beginning the download.
The new update service will not modify users' settings, said Arkin. "On Tuesday, we'll migrate the existing settings to the new updater, so if it's set on semi-automatic, then [the new updater] will do that, too."
Users will have to change the updater's options themselves to switch on the silent mode. "Most people will be on semi-automatic with the new updater," said Arkin. "To change that, they'll have to go into the configuration options and switch from semi to silent mode. We're not going to change someone from semi to silent without some kind of user action."
As early as July 13, the next quarterly security update for Reader and Acrobat, Adobe may prompt users to switch to silent mode with a pop-up dialog that offers to change the updater's settings. Saying that the dialog would resemble those users face when they install software, Arkin added that the offer will follow an opt-out model. "If they take all the defaults [in the dialog], it will switch to fully-automatic mode," he said.
Adobe will also decrease the interval between regular update offers, said Arkin. Currently, Adobe's servers notify the Reader and Acrobat software of an available update every seven days; that will decrease to every three days with the new tool.
"Updates were applied almost 100% within three days by the beta testers," he said, referring to the pool who have used the new updater for the last several months. Adobe's goal is to not only remove the need for users to approve updates, but also to speed up updating. "It takes too long for too many users today to update," he argued.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts