Adobe pushes Reader silent updates
Tells users it will update PDF viewer in the background, but lets them opt-out
Computerworld - Adobe has switched on silent updating for its popular Reader PDF viewer, the company announced Tuesday.
"[We're] turning the automatic update option on by default for all Adobe Reader users on Windows," said Brad Arkin, senior director of product security and privacy at Adobe, in a post to a company blog yesterday.
The next time an update is detected by Reader, Adobe will present a dialog box asking users to allow silent updating. In the dialog, the box "Install updates automatically" will be checked by default.
Users can decline to switch to silent, in-the-background updating, added Arkin,
Adobe debuted silent updating for Reader in April 2010 when it revamped the update tool bundled with the free PDF viewer, and with Acrobat, the for-a-fee PDF creation tool.
At the time, however, Adobe retained users' previous settings -- which defaulted to a semi-automatic mode that notified users before beginning to download an update -- and required them to manually set the new tool for silent updating.
With the Tuesday release of Reader 10.1 -- part of a massive multi-product security update that also patched Flash, ColdFusion and Shockwave -- Adobe flipped the "on-by-default" silent update mode for Windows users.
If users accept the change, Reader will download any future security updates automatically, then install them in the background. The only thing users will see is a message posted to the Windows system tray that their software has been updated.
Reader pings Adobe's servers every three days to determine whether an update is available.
The updater included with Reader 10.1 largely bypasses the UAC (user account control) warnings that typically prompt Windows Vista and Windows 7 users for an administrator password before allowing a program to install.
"If you run with an administrator account on your machine, we can now perform the fully automatic update for full installers and updates to the updater," said an Adobe spokeswoman in response to questions today. "We do this with the addition of our own Windows service."
Windows Vista and Windows 7 users running with a "standard" account -- which is most popular in the workplace, where IT staff want to lock down the company's PC -- will see the UAC query in some situations, such as when the update requires a full installer or an update for the updater itself is available.
Mac users do not have the option of using silent updating because Mac OS X demands the user's password before installing new software.
Adobe is following in Google's footsteps on silent updating. Chrome, the browser Google launched in 2008, has always relied on silent updates to keep itself up-to-date.
Last year, Mozilla discussed adding silent updating to Firefox, but then backed away from the plan before it wrapped up Firefox 4. Firefox 5, which is slated to ship next week, does not support silent updating.
Silent updates are meant to keep more users' software up-to-date and safer from the newest attacks. Adobe has struggled in the past to keep up with hackers who exploit unpatched PDF document vulnerabilities.
So far this year, Adobe has issued two regularly-scheduled security updates for Reader -- one in February, another this month -- but also delivered three emergency, or "out-of-band" patches for the program.
Reader 10.1 can be downloaded from Adobe's Web site. Alternately, users can run the program's update tool or wait for the software to prompt them that a new version is available.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts