Adobe to switch on silent PDF updates for Reader, Acrobat
Move takes effect on Tuesday; users will have to configure tool for hands-off updating
Computerworld - Adobe will flip the switch next week on a service that silently updates customers' copies of its popular Reader and Acrobat PDF programs, the company's chief security executive said today.
Background updating in Adobe Reader Updater and the Adobe Acrobat Reader will be enabled on Tuesday, April 13, when Adobe delivers its next regularly-scheduled set of patches for the two programs, said Brad Arkin, the company's director for product security and privacy. "Starting Tuesday, we will turn on the server, and the new updater will take effect," said Arkin.
The move is meant to keep more users' software fully-patched, and thus more secure. Adobe has struggled to keep up with a swarm of vulnerabilities in PDF documents, which according to one analysis, were responsible for 80% of all exploits at the end of 2009.
Last year, the company patched four "zero-day" PDF vulnerabilities -- bugs that were actively being exploited when the fix was released -- and it's patched one PDF zero-day so far in 2010.
Most users already have the new updater on their machines: Adobe started pushing the new tool to Reader and Acrobat customers last October. However, it initially enabled the updater only for a group of invitation-only beta testers; next week will be the first time that it is turned on for the general public.
The biggest difference between Adobe's old and new update technology is that the latter offers a mode Arkin dubbed "silent," which updates the software in the background, without notifying the user or asking for additional permission. The older updater alerted users when patches or a new program version was available.
But out of the gate, users will see little change, Arkin noted. The current updater offers two modes -- a full manual mode where the user must explicitly ask for patches and a semi-automatic mode that notifies the user before beginning the download.
The new update service will not modify users' settings, said Arkin. "On Tuesday, we'll migrate the existing settings to the new updater, so if it's set on semi-automatic, then [the new updater] will do that, too."
Users will have to change the updater's options themselves to switch on the silent mode. "Most people will be on semi-automatic with the new updater," said Arkin. "To change that, they'll have to go into the configuration options and switch from semi to silent mode. We're not going to change someone from semi to silent without some kind of user action."
As early as July 13, the next quarterly security update for Reader and Acrobat, Adobe may prompt users to switch to silent mode with a pop-up dialog that offers to change the updater's settings. Saying that the dialog would resemble those users face when they install software, Arkin added that the offer will follow an opt-out model. "If they take all the defaults [in the dialog], it will switch to fully-automatic mode," he said.
Adobe will also decrease the interval between regular update offers, said Arkin. Currently, Adobe's servers notify the Reader and Acrobat software of an available update every seven days; that will decrease to every three days with the new tool.
"Updates were applied almost 100% within three days by the beta testers," he said, referring to the pool who have used the new updater for the last several months. Adobe's goal is to not only remove the need for users to approve updates, but also to speed up updating. "It takes too long for too many users today to update," he argued.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts