Adobe pushes Reader silent updates
Tells users it will update PDF viewer in the background, but lets them opt-out
Computerworld - Adobe has switched on silent updating for its popular Reader PDF viewer, the company announced Tuesday.
"[We're] turning the automatic update option on by default for all Adobe Reader users on Windows," said Brad Arkin, senior director of product security and privacy at Adobe, in a post to a company blog yesterday.
The next time an update is detected by Reader, Adobe will present a dialog box asking users to allow silent updating. In the dialog, the box "Install updates automatically" will be checked by default.
Users can decline to switch to silent, in-the-background updating, added Arkin,
Adobe debuted silent updating for Reader in April 2010 when it revamped the update tool bundled with the free PDF viewer, and with Acrobat, the for-a-fee PDF creation tool.
At the time, however, Adobe retained users' previous settings -- which defaulted to a semi-automatic mode that notified users before beginning to download an update -- and required them to manually set the new tool for silent updating.
With the Tuesday release of Reader 10.1 -- part of a massive multi-product security update that also patched Flash, ColdFusion and Shockwave -- Adobe flipped the "on-by-default" silent update mode for Windows users.
If users accept the change, Reader will download any future security updates automatically, then install them in the background. The only thing users will see is a message posted to the Windows system tray that their software has been updated.
Reader pings Adobe's servers every three days to determine whether an update is available.
The updater included with Reader 10.1 largely bypasses the UAC (user account control) warnings that typically prompt Windows Vista and Windows 7 users for an administrator password before allowing a program to install.
"If you run with an administrator account on your machine, we can now perform the fully automatic update for full installers and updates to the updater," said an Adobe spokeswoman in response to questions today. "We do this with the addition of our own Windows service."
Windows Vista and Windows 7 users running with a "standard" account -- which is most popular in the workplace, where IT staff want to lock down the company's PC -- will see the UAC query in some situations, such as when the update requires a full installer or an update for the updater itself is available.
Mac users do not have the option of using silent updating because Mac OS X demands the user's password before installing new software.
Adobe is following in Google's footsteps on silent updating. Chrome, the browser Google launched in 2008, has always relied on silent updates to keep itself up-to-date.
Last year, Mozilla discussed adding silent updating to Firefox, but then backed away from the plan before it wrapped up Firefox 4. Firefox 5, which is slated to ship next week, does not support silent updating.
Silent updates are meant to keep more users' software up-to-date and safer from the newest attacks. Adobe has struggled in the past to keep up with hackers who exploit unpatched PDF document vulnerabilities.
So far this year, Adobe has issued two regularly-scheduled security updates for Reader -- one in February, another this month -- but also delivered three emergency, or "out-of-band" patches for the program.
Reader 10.1 can be downloaded from Adobe's Web site. Alternately, users can run the program's update tool or wait for the software to prompt them that a new version is available.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!