Adobe to switch on silent PDF updates for Reader, Acrobat
Move takes effect on Tuesday; users will have to configure tool for hands-off updating
Computerworld - Adobe will flip the switch next week on a service that silently updates customers' copies of its popular Reader and Acrobat PDF programs, the company's chief security executive said today.
Background updating in Adobe Reader Updater and the Adobe Acrobat Reader will be enabled on Tuesday, April 13, when Adobe delivers its next regularly-scheduled set of patches for the two programs, said Brad Arkin, the company's director for product security and privacy. "Starting Tuesday, we will turn on the server, and the new updater will take effect," said Arkin.
The move is meant to keep more users' software fully-patched, and thus more secure. Adobe has struggled to keep up with a swarm of vulnerabilities in PDF documents, which according to one analysis, were responsible for 80% of all exploits at the end of 2009.
Last year, the company patched four "zero-day" PDF vulnerabilities -- bugs that were actively being exploited when the fix was released -- and it's patched one PDF zero-day so far in 2010.
Most users already have the new updater on their machines: Adobe started pushing the new tool to Reader and Acrobat customers last October. However, it initially enabled the updater only for a group of invitation-only beta testers; next week will be the first time that it is turned on for the general public.
The biggest difference between Adobe's old and new update technology is that the latter offers a mode Arkin dubbed "silent," which updates the software in the background, without notifying the user or asking for additional permission. The older updater alerted users when patches or a new program version was available.
But out of the gate, users will see little change, Arkin noted. The current updater offers two modes -- a full manual mode where the user must explicitly ask for patches and a semi-automatic mode that notifies the user before beginning the download.
The new update service will not modify users' settings, said Arkin. "On Tuesday, we'll migrate the existing settings to the new updater, so if it's set on semi-automatic, then [the new updater] will do that, too."
Users will have to change the updater's options themselves to switch on the silent mode. "Most people will be on semi-automatic with the new updater," said Arkin. "To change that, they'll have to go into the configuration options and switch from semi to silent mode. We're not going to change someone from semi to silent without some kind of user action."
As early as July 13, the next quarterly security update for Reader and Acrobat, Adobe may prompt users to switch to silent mode with a pop-up dialog that offers to change the updater's settings. Saying that the dialog would resemble those users face when they install software, Arkin added that the offer will follow an opt-out model. "If they take all the defaults [in the dialog], it will switch to fully-automatic mode," he said.
Adobe will also decrease the interval between regular update offers, said Arkin. Currently, Adobe's servers notify the Reader and Acrobat software of an available update every seven days; that will decrease to every three days with the new tool.
"Updates were applied almost 100% within three days by the beta testers," he said, referring to the pool who have used the new updater for the last several months. Adobe's goal is to not only remove the need for users to approve updates, but also to speed up updating. "It takes too long for too many users today to update," he argued.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!