Adobe to switch on silent PDF updates for Reader, Acrobat
Move takes effect on Tuesday; users will have to configure tool for hands-off updating
Computerworld - Adobe will flip the switch next week on a service that silently updates customers' copies of its popular Reader and Acrobat PDF programs, the company's chief security executive said today.
Background updating in Adobe Reader Updater and the Adobe Acrobat Reader will be enabled on Tuesday, April 13, when Adobe delivers its next regularly-scheduled set of patches for the two programs, said Brad Arkin, the company's director for product security and privacy. "Starting Tuesday, we will turn on the server, and the new updater will take effect," said Arkin.
The move is meant to keep more users' software fully-patched, and thus more secure. Adobe has struggled to keep up with a swarm of vulnerabilities in PDF documents, which according to one analysis, were responsible for 80% of all exploits at the end of 2009.
Last year, the company patched four "zero-day" PDF vulnerabilities -- bugs that were actively being exploited when the fix was released -- and it's patched one PDF zero-day so far in 2010.
Most users already have the new updater on their machines: Adobe started pushing the new tool to Reader and Acrobat customers last October. However, it initially enabled the updater only for a group of invitation-only beta testers; next week will be the first time that it is turned on for the general public.
The biggest difference between Adobe's old and new update technology is that the latter offers a mode Arkin dubbed "silent," which updates the software in the background, without notifying the user or asking for additional permission. The older updater alerted users when patches or a new program version was available.
But out of the gate, users will see little change, Arkin noted. The current updater offers two modes -- a full manual mode where the user must explicitly ask for patches and a semi-automatic mode that notifies the user before beginning the download.
The new update service will not modify users' settings, said Arkin. "On Tuesday, we'll migrate the existing settings to the new updater, so if it's set on semi-automatic, then [the new updater] will do that, too."
Users will have to change the updater's options themselves to switch on the silent mode. "Most people will be on semi-automatic with the new updater," said Arkin. "To change that, they'll have to go into the configuration options and switch from semi to silent mode. We're not going to change someone from semi to silent without some kind of user action."
As early as July 13, the next quarterly security update for Reader and Acrobat, Adobe may prompt users to switch to silent mode with a pop-up dialog that offers to change the updater's settings. Saying that the dialog would resemble those users face when they install software, Arkin added that the offer will follow an opt-out model. "If they take all the defaults [in the dialog], it will switch to fully-automatic mode," he said.
Adobe will also decrease the interval between regular update offers, said Arkin. Currently, Adobe's servers notify the Reader and Acrobat software of an available update every seven days; that will decrease to every three days with the new tool.
"Updates were applied almost 100% within three days by the beta testers," he said, referring to the pool who have used the new updater for the last several months. Adobe's goal is to not only remove the need for users to approve updates, but also to speed up updating. "It takes too long for too many users today to update," he argued.
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Single-Vendor Security Ecosystems Offer Concrete Benefits Over Point Solutions IT security decision-makers from companies with 100 to 5,000 employees evaluates the current endpoint security solution market based on Forrester's own market data,...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!