Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Adobe Reader X With Sandbox Due In November

CmdrTaco posted more than 3 years ago | from the i-like-the-dump-truck dept.

Security 110

Trailrunner7 writes "Adobe will finally release the new version of its Reader software — which will include the much-anticipated Protected Mode security feature — next month. Adobe Reader X will include a number of other new features in addition to the sandbox feature. Adobe officials have been discussing Protected Mode for several months now and said early on that it would be included in the next version of Reader, but had never set a time line for the release of Reader X. Now, the company says the new version will be available in November, although no specific date was announced."

cancel ×

110 comments

Sorry! There are no comments related to the filter you selected.

At Last! (3, Interesting)

WrongSizeGlass (838941) | more than 3 years ago | (#33934330)

At last ... the malware writers will have a new challenge, and just in time for those long holiday weekends. I'm betting they find a way around Adobe's "sandbox" before the end of the year. Adobe used to make very good software - now they make very exploitable software.

Re:At Last! (4, Funny)

ByOhTek (1181381) | more than 3 years ago | (#33934382)

The big question is... Which will be released first?

The new version, or the exploits for the new version.

Re:At Last! (0)

Anonymous Coward | more than 3 years ago | (#33934410)

The big question is... Which will be released first?

The new version, or the exploits for the new version.

Chicken or the egg, cluck cluck cluck ...

Re:At Last! (2, Interesting)

ByOhTek (1181381) | more than 3 years ago | (#33935272)

Do you define the species of an egg by what produced it, or what came out of it?

If the former, the chicken. If the latter, the egg.

Re:At Last! (0)

Anonymous Coward | more than 3 years ago | (#33935420)

What if the egg contained twin embryos, one of which is a chicken by all modern definitions, and one of which is a throwback chicken-precursor that cannot successfully reproduce with chickens but can successfully reproduce with a certain set of chicken-precursors?

What then?

(I acknowledge I have no idea if chicken fraternal twins can happen that way and suspect they cannot, and that the scenario is pretty ridiculous)

Re:At Last! (4, Insightful)

MoonBuggy (611105) | more than 3 years ago | (#33934454)

Adobe used to make very good software - now they make very exploitable software.

They still can make good software, which they proceed to sell for very large quantities of cash. What I don't really understand is why they ever updated PDF beyond being a simple document format - it introduced all of these vulnerabilities, and gave them a lot more work to do on their free reader software, for little real value. What was wrong with just keeping it as a simple extension of postscript?

Re:At Last! (1)

grub (11606) | more than 3 years ago | (#33934528)


What I don't really understand is why they ever updated PDF beyond being a simple document format - it introduced all of these vulnerabilities

There would be no money in the long run had they released "Reader v1.0" and turned off the lights.

Re:At Last! (1)

MoonBuggy (611105) | more than 3 years ago | (#33934784)

I wouldn't have thought there was any money at all in the reader itself. The less work to do on it, the better.

I suppose perhaps they were trying to drive sales of the full version of Acrobat, but then I don't see who would really purchase that specifically when there are plenty of free/extremely cheap methods to export to PDF from your document creation software of choice. It seems foolish to have screwed over a perfectly good format in an effort to salvage sales a largely redundant piece of software - it's the kind of behaviour that I would understand if Acrobat were their main or only product, but when they've got Photoshop, Illustrator, InDesign, Premiere, and the like I don't see the need for it.

Re:At Last! (3, Informative)

neumayr (819083) | more than 3 years ago | (#33934888)

Acrobat isn't replaced by "Print to PDF". Not by a long shot.
If all this extra functionality is actually needed, I do not know. But making PDF popular is part of what lets them sell their ADEPT DRM solution, and I'm sure that's making them a pretty penny.

Re:At Last! (2, Interesting)

RDW (41497) | more than 3 years ago | (#33935458)

The really irritating thing is that if you do need the full Acrobat package you have to buy an upgrade as soon as your version is EOL'd, even if you're perfectly happy with its features, because there'll be no more security updates to fix whatever gaping vulnerability has been discovered that week. Since they release a new version about every two years, and only support it for 5 years from first release, if you buy a version towards the end of its release period you could have as little as 3 years before the damn thing is too dangerous to have on your system.

Re:At Last! (0)

Anonymous Coward | more than 3 years ago | (#33936112)

So sort of like Ubuntu LTS versions then. 3 years and then too dangerous to run. Unlike the non-LTS versions which are 18 months and then too dangerous to run. What was your point? Was it that vendors eventually stop patching old crap? Well duh!

Re:At Last! (1)

Ant P. (974313) | more than 3 years ago | (#33939106)

Is that the DRM I can turn on and off at will in Okular using a checkbox in the options window?

Re:At Last! (1)

rudy_wayne (414635) | more than 3 years ago | (#33934602)

hey still can make good software, which they proceed to sell for very large quantities of cash. What I don't really understand is why they ever updated PDF beyond being a simple document format - it introduced all of these vulnerabilities, and gave them a lot more work to do on their free reader software, for little real value. What was wrong with just keeping it as a simple extension of postscript?

Like any product, they have to keep producing new versions with new "features" so that existing users will want to upgrade. Otherwise everyone would still be using version 1.0 and Adobe wouldn't make any money. Unfortunately this creates the existing cycle of constantly introducing new exploitable bugs which must be patched.

Re:At Last! (2, Funny)

arth1 (260657) | more than 3 years ago | (#33934712)

It's called "feeping creaturitis". You have to come out with new versions in order to sell, and new versions need something new. It's easy for things that absolutely don't belong to creep in, when you've run out of good ideas.

Remember Lett's Law: "All programs evolve until they can send email."
(And my corollary: "Except Exchange")

Re:At Last! (1)

BlitzTech (1386589) | more than 3 years ago | (#33935372)

Don't forget Zawinski's Law of Software Envelopment:

Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.

Re:At Last! (2, Interesting)

JonySuede (1908576) | more than 3 years ago | (#33934778)

postscript is already turing complete...

Re:At Last! (1)

phantomcircuit (938963) | more than 3 years ago | (#33934816)

They added the new features to sell upgrade of their document production software.

Re:At Last! (5, Informative)

Skuld-Chan (302449) | more than 3 years ago | (#33934946)

Having worked on Adobe Acrobat (and Reader) for the last 8 or so years (my name is in a good chunk of all the release credits since version 5 or 6) the feature to add form support was added in version 3 (which came out in the mid 90's) as an addon.

It was added for the same reason a lot of features were added - to extend the product compete in a specific marketplace - specifically places where forms are displayed. Same reason a lot of features in a lot of products are added - to make more money in another market.

Where I work now they use a development kit from Datatel called Colleague - most of what it does is display forms from a pick database and read or save these fields (it has scheduling, accounting/ap/ar etc as well built in). You could in fact use Acrobat to display these same forms. And if your migrating from a paper based workflow - you can in fact scan all these forms in, add a bunch of fields with whatever logic JS provides (and in turn hook that into whatever logic livecycle server provides) and you have an electronic version of the paper form you used to file away.

That was in fact (as I recall it was a while back) the marketing pitch.

It does work too - there's even support for SAP. At one point the IRS had grand visions of filing all your taxes electronically with it (but since we can't have nice things in this country that got canned) - so it does have a lot of potential. Since something like 90% of all PC's have some version of Reader - it's an excellent target platform if you want to display paper like forms on the net.

But like ANYTHING that has any kind of outside connectivity it's vulnerable to attack. People on here always herald other technologies as they would save us from whatever we use now, but its just a matter of what is and isn't the target. Acrobat 4 and 5 had massive vulnerabilities, but no-one ever complained about rogue pdf files because it wasn't a target. I remember the first big vulnerability on Acrobat 7 - it wasn't sanitizing inputs (it does now!) and allowed a PDF to execute commands on the PC (very similar to the bobby tables comic). After that exploit - the blood was in the water and everyone and their sister wanted to poke away at the code to find new ones (and being a very old product it has plenty of them...).

Re:At Last! (5, Insightful)

Anonymous Coward | more than 3 years ago | (#33935168)

So why is it that Acrobat reader is 200mb and takes forever to install, and installs several other adobe products with it and then requires admin rights to install updates so it always gets outdated and becomes vulnerable?... it's because it has become bloatware. Just like Quickbooks, it just keeps getting slower and slower and slower, and contains more features that 90% of users wont ever use.

SumatraPDF is like 1.5MB and installs in less than 5 seconds and opens instantly

Perhaps there should be a Lite version of Adobe Acrobat for people who just want to view PDF files... we could call it "Adobe Acrobat Reader"

Re:At Last! (0)

Anonymous Coward | more than 3 years ago | (#33938858)

"Perhaps there should be a Lite version of Adobe Acrobat for people who just want to view PDF files... we could call it "Adobe Acrobat Reader""

It's call Preview :o)

alternatives... (1)

DrYak (748999) | more than 3 years ago | (#33939336)

It's call Preview :o)

or Okular (KDE) or Evine (GNOME) or Sumatra or Foxit (Win32) or even PalmPDF (old school PalmOS) etc.

it seems that nowaday, everyone is able to make a decent PDF reader (thanks, among other, to Xpdf whose code ended up in poppler). Well except adobe themselves...

Re:At Last! (1)

Freultwah (739055) | more than 3 years ago | (#33939178)

Perhaps there should be a Lite version of Adobe Acrobat for people who just want to view PDF files... we could call it "Adobe Acrobat Reader"

And somewhere along the way, like in 2003, we could drop "Acrobat" from the reader's name to make the product even leaner and lighter.

Re:At Last! (2, Informative)

Skuld-Chan (302449) | more than 3 years ago | (#33939570)

Reader 9 is 90 megs, not 200... The actual viewer itself is about 20 megabytes - the rest are plugins which you don't need to view pdf files.

You could roll your own Adobe Reader lite - all the plugins are windows installer components - you could actually build your own reader lite and roll it out to your own organization - patches will still work like normal.

On my Dell Optiplex 980 - cold start of reader 9 is instantaneous so not sure what to say there. They really do measure start performance of the app in testing. Reader/Acrobat 9 only load the modules they need on the fly - with version 8 and before yes I'd agree it was a startup mess.

Why is it so big? Sumatra PDF just views PDF files - it doesn't support annotations, it doesn't support secure PDF files (windows/mac crypto intergration) it doesn't support 3d annotations, it doesn't support forms (no 3rd party viewer supports XFA forms yet), it doesn't have any connectivity options etc etc etc - I could literally go on for pages.

Yes all these things were at one point customer requirements - some were rather big customers.

I know people want a smaller viewer - you can roll your own easily, but as to why Adobe doesn't do it? No clue - haven't worked there in many years but I suspect it comes down to the amount of testing time. The test matrix for Reader is already 25 languages on well over 60 different platforms (3-4 different versions of linux, every distribution of Windows 32/64 - including server OS's back to Windows 2000, and every version of OSX - including PPC - for 9 since its a hybrid app).

Re:At Last! (1)

waddleman (1230926) | more than 3 years ago | (#33935398)

BTW. I filed last year taxes with the IRS using this feature. See the free file fillable forms options. The forms do a lot of the basic math calculations also.

Re:At Last! (1)

Matt Perry (793115) | more than 3 years ago | (#33936310)

Having worked on Adobe Acrobat (and Reader) for the last 8 or so years (my name is in a good chunk of all the release credits since version 5 or 6)

Aha! So you are to blame! Get him, boys!

Re:At Last! (1)

Skuld-Chan (302449) | more than 3 years ago | (#33939676)

Hardly ;) - my main job was to triage enterprise support issues (which meant writing and analyzing bugs, debugging problems, sometimes even traveling on site etc). As such - I worked closely with the developers on the product itself (a lot of fixed bugs, new features - stuff like that I owned the process on :)).

Re:At Last! (1)

BitZtream (692029) | more than 3 years ago | (#33936912)

So why not just use HTML, its penetration rate is higher than PDF, has more software for displaying it, and does pretty much all the same shit ... oh, and most browsers have some sort of security mechanisms built in.

Its neat that you worked on Acrobat and its dirty children, but don't you think you could have spent that time doing something better than reinventing the wheel in a substandard way?

Whats great is that you take credit for a bunch of work in acrobat, then proceed to point out (probably not intentionally though) how shitty the code is and how it missing basic freaking common sense bits like input sanitization.

The blood was in the water because it became blindly clear over night that you and your team had no clue how to write code used in an untrusted network environment.

PDF wants to be HTML, just using PostScript instead, and it sucks at it. Much like Flash, PDF needs to die.

I could continue on about all the other retarded things Adobe does (Has Adobe Reader's install bloated past 300meg yet? WTF) but why bother.

Little hint: Don't brag or tell people about your time at Adobe, only idiots will find it impressive.

Re:At Last! (1)

peragrin (659227) | more than 3 years ago | (#33938432)

because unlike HTML PDF prints the same every time?

There is a reason why every major printer/press uses PDF. because of postscript it prints the same way every time. no other document format today does that.

what I wish is that it didn't take the full version of adobe to make PDF forms. That you could make them just as simply as one makes regular PDF's

Re:At Last! (1)

Skuld-Chan (302449) | more than 3 years ago | (#33939726)

Well you can't overlay a form field on a scanned form in HTML with exact positioning (you might be able to now, I have no idea).

Also you have to remember in 95 - html forms were primitive at best. A lot of these solutions were developed a long time ago and still have to be supported.

Its a very similar situation with Flash vs. HTML-5. Flash solved a problem HTML could not at the time so it had a lot of adoption in places HTML-5 is slowly catching up on now (if that makes sense).

Also another big thing - the developer tools for Acrobat forms were better than HTML tools.

But I totally agree - there are plenty of places PDF forms have been used that HTML forms would have been better served.

Re:At Last! (0)

Anonymous Coward | more than 3 years ago | (#33937046)

Having worked on Adobe Acrobat (and Reader) for the last 8 or so years (my name is in a good chunk of all the release credits since version 5 or 6) the feature to add form support was added in version 3 (which came out in the mid 90's) as an addon.

Oh I'll bet you have tons of friends in the IT world. :p

On a more practical note, I would not brag about that here. To these people, "It's shitty because it's popular" is not a valid defense for a bad document viewer any more than it is for a bad OS.

Re:At Last! (3, Informative)

pclminion (145572) | more than 3 years ago | (#33935114)

PDF is not an extension of PostScript. There is a superficial similarity between the PDF content stream format and PostScript, and although this was done deliberately to make printing PDFs to PostScript devices simpler, it is not a real derivative of PostScript. For instance, there is no operand stack, and there are no control flow or looping constructions.

A PDF file is essentially an object-oriented database. Some of the contents of this database are graphics operator streams which are syntactically similar to PostScript. That is where the similarity begins and where it ends.

Re:At Last! (1)

BitZtream (692029) | more than 3 years ago | (#33936934)

Yea, so uhm, its based on PostScript then isn't it? You know, PostScript but different ... so it could be sent to PostScript printers easily ...

Re:At Last! (2, Informative)

pclminion (145572) | more than 3 years ago | (#33937056)

It's "based on PostScript" in the same sense that Windows 7 is "based on DOS." The relationship is minor, incidental, and as a matter of fact, not even guaranteed going forward. PDF has a concept of a "ProcSet," a set of macros which are exported to a PostScript device prior to sending a page content stream. These ProcSets used to be mandatory. They are no longer required and are now considered deprecated. What it means is that natural PDF content streams are no longer directly usable by PostScript printers. This divergence will most likely continue.

If you like, I can also present an experiential argument. I have spent a lot of time implementing code which manipulates PostScript, PDF, and several other page description languages. I can say from experience that the supposed similarity between PostScript and PDF is of absolutely no help in implementing either of them. They are completely different things.

It's like saying that Java and C++ are based on each other because their syntax looks similar. It just isn't the case.

Re:At Last! (1)

Quiet_Desperation (858215) | more than 3 years ago | (#33935520)

I went to a connector manufacturer web page the other day for a data sheet, and they had 3D models of the connector in PDF format. You could open it op and rotate the 3D model around in a PDF. Didn't work worth a damn on a six month old PC with an i7 and gobs of RAM and a moderate graphics card, so I had to wonder what the point was. Our mecha guys are just going to import the real models into Pro-E anyway. I can get the gist of a connector from a good 2D CAD drawing.

Re:At Last! (1)

JeffSpudrinski (1310127) | more than 3 years ago | (#33934534)

What you say is very true, but at least there's an effort on Adobe's part.

Albeit a long overdue and woefully underpowered effort...but an effort nonetheless.

Just my $0.02.

-JJS

Re:At Last! (1)

MichaelKristopeit 14 (1916016) | more than 3 years ago | (#33934672)

all software is a sandbox for itself... adding another layer of equally exploitable bloat is not a feature.

Re:At Last! (1)

gad_zuki! (70830) | more than 3 years ago | (#33935292)

To be fair, they're using MS's protected mode which IE uses and from what I've gathered there haven't been any exploits that break through it. Please note add-ons do not run in protected mode, so if something is targeting your Java or Adobe Reader then those run normally.

Protected mode allows very limited access to the OS and forces a broker process to handle anything that interacts with the user's system. [microsoft.com] Yes, its hackable like most things in life, but its a pretty smart design that I think will limit exploits on the Adobe product. The downside is that its only Vista/7 (?) and it doesn't address the fatal mistakes Adobe is making - allowing javascript by default and using a piss poor updater. Adobe should really just shift to using MS's Windows Update and be done with it.

Right now Java and Adobe Reader/Pro/Standard are the two most exploited apps according to Brian Krebs. Shifting to X should help end users keep their systems safe.

Re:At Last! (1)

arndawg (1468629) | more than 3 years ago | (#33935312)

Microsoft and Google helped them on this sandbox so I have faith that this is a step forward.

Re:At Last! (1)

hairyfeet (841228) | more than 3 years ago | (#33935534)

Uhhh...Foxit has had "safe mode" [foxitsoftware.com] for quite awhile now, and with safe mode no external commands are allowed which kills malware dead in its tracks since it has no way to call functions outside the reader. It also has ASLR and DEP in the versions of Windows that support those features, making it even harder to exploit. so what exactly does having it sandboxed do that makes it safer than the current Foxit?

Not trying to advocate one or the other here, as I gave up on reader around version 6 (whichever one started using quickstarter crap) for me and my customers and strictly give them Foxit unless requested otherwise but I really haven't gotten a chance to study sandboxes in depth, so I'm curious: Does one automatically give advantage over the other? Or can an app with good security measures like Foxit give an equal level of security? Since I'm on Windows 7 running Comodo everything is sandboxed by default anyway so it won't affect me personally, but for my customers on XP it'd be good to know.

Re:At Last! (1)

Aquina (1923974) | more than 3 years ago | (#33939052)

Exactly! I guess they will never ever get that damn thing safe enough to compete with evince, kpdf or whatever. Honestly the only reason to use that Adobe Acrobat Reader crap is because it supports dozens of non-free features; that whole scripting and stuff. When I try to print out a document from my post office to send a package or something I will always have to call them for sending me a non-script version of the document. I doubt they will ever listen to their customers or take their security more seriously...

laughable. (0)

Anonymous Coward | more than 3 years ago | (#33934336)

trying to patch up a rotten-to-the-core, leaking disaster? i smell failure on top of failure. a rewrite is the only solution, from bottom up.

tl^2 (0)

Anonymous Coward | more than 3 years ago | (#33934348)

Too little, too late.

Anyway, given Adobe's past record, this probably will still make a vanilla chroot look like a bulletproof security measure.

Putting the rotten, festering tomato in a can... (1)

carlhaagen (1021273) | more than 3 years ago | (#33934360)

...will surely make it more attractive and suitable for consumption. Good one, Adobe.

Too little too late. (0)

Anonymous Coward | more than 3 years ago | (#33934366)

Even my Moms has switched to non-Adobe pdf software.

Re:Too little too late. (0)

Anonymous Coward | more than 3 years ago | (#33934462)

Even my Moms has switched to non-Adobe pdf software.

So, which is the best (secutity-wise) non-adobe reader?

Re:Too little too late. (0)

Anonymous Coward | more than 3 years ago | (#33935350)

Okular

Re:Too little too late. (0)

Anonymous Coward | more than 3 years ago | (#33935596)

Even my Moms has switched to non-Adobe pdf software.

Thats because she owed me money, and i told her switching was the best way to pay me back.. also tell her i said hi!

Re:Too little too late. (1)

Hal_Porter (817932) | more than 3 years ago | (#33938494)

She's switched to non "your Dad" men too.

when your os... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33934372)

...makes you always run with admin rights ( they should toss that policy out the *window*), individual programs have to act like little operating systems and do their own rights separation.

Re:when your os... (3, Insightful)

afidel (530433) | more than 3 years ago | (#33934920)

Windows hasn't done that since 2000 if you know what you are doing.... Even less so for Vista/2008 and up.

Re:when your os... (1)

the_womble (580291) | more than 3 years ago | (#33937456)

True. I had to click some extra buttons to edit a config file on Vista. It was damn difficult to figure what to do though - how one edits a file as admin was far from obvious (no equivalent to "edit as root" in a Linux file manager).

Of course, on Mandriva I could change the same config (the hosts file) in a GUI so I would not need to edit as root anyway.

I was also amused to find that Windows copies Unix files structure in having a partial equivalent to /etc (though its buried several layers deep) called \etc nin which the hosts file sits.

Hmm (2, Interesting)

Anonymous Coward | more than 3 years ago | (#33934402)

Maybe they can make it a more reasonable size? Who needs a 60MB file reader?

Reader X? Next Lawsuit (-1, Offtopic)

DevConcepts (1194347) | more than 3 years ago | (#33934422)

Apple sues for the use of "X"

Re:Reader X? Next Lawsuit (0, Offtopic)

hcpxvi (773888) | more than 3 years ago | (#33934552)

Apple sues for the use of "X"
Followed closely by that company that makes the X-box. What were they called, now? ISTR them having a lot of lawyers. I don't imagine that the current providers of the X Window System will bother.

Re:Reader X? Next Lawsuit (1)

arth1 (260657) | more than 3 years ago | (#33934760)

More likely is that Apple will come out with their own not-entirely-compatible Acrobat reader, which sneak-installs QuickTime, iTunes and a web browser, and everyone will hail it as the best thing since sliced bread...

Re:Reader X? Next Lawsuit (1)

theurge14 (820596) | more than 3 years ago | (#33937194)

That would be a pretty good zinger if Mac OS X didn't already have Preview.

This is good but.... (3, Interesting)

mark-t (151149) | more than 3 years ago | (#33934444)

... I'm still waiting on acrobat reader for x86_64 Linux. While there are other PDF readers for Linux, none of them that I've found work properly with documents that use layering features apparently only found in Acrobat.

Re:This is good but.... (0)

Anonymous Coward | more than 3 years ago | (#33934612)

In the long term it, it will be more effective to ask the Evince or other open source pdf viewers to support such a feature. If you get this x86_64 binary that supports this feature, then your documents may not work on your later ARM based PC, and others may not be able to read your doc as they use common open source readers.

Re:This is good but.... (1)

Skuld-Chan (302449) | more than 3 years ago | (#33934992)

Wow seriously? How about Adobe Reader for Linux [adobe.com] ?

Re:This is good but.... (0)

Anonymous Coward | more than 3 years ago | (#33935074)

exactly, dont know why anyone needs a 64bit binary for acrobat, its a fucking file reader

Re:This is good but.... (1)

Joseph Vigneau (514) | more than 3 years ago | (#33935526)

Looks like it's a 32 bit app, not an x86_64 app. Not good if you're running a pure 64-bit environment.

Re:This is good but.... (1)

Hal_Porter (817932) | more than 3 years ago | (#33938558)

Well if you want to run Acrobat, don't use a pure 64 bit environment.

Gasp! (3, Funny)

Quiet_Desperation (858215) | more than 3 years ago | (#33934502)

And little does anyone suspect that Reader X is actually Speed Reader's long lost brother!

Re:Gasp! (1)

Nimey (114278) | more than 3 years ago | (#33934898)

ror

Re:Gasp! (1)

Quiet_Desperation (858215) | more than 3 years ago | (#33935428)

ROR? Raph Out Roud? That seems vaguely racist. Hey, I tease.

Seriosuly, though. Rate of Return? Ruby On Rails? Rotate Right? Help a brother out here.

Re:Gasp! (1)

Nimey (114278) | more than 3 years ago | (#33938200)

I believe the first one was the original. It's a common expression on another site I'm on.

Re:Gasp! (1)

Culture20 (968837) | more than 3 years ago | (#33935202)

Twice as funny if you imagine it in the voice of the Micro Machines guy.

Great! (4, Insightful)

Local ID10T (790134) | more than 3 years ago | (#33934530)

New Adobe Acrobat Reader X!

Slower and more bloated than ever before!

New holes to exploit*!

(*old holes still included)
...yeah, I'll stick with Foxit Reader.

Re:Great! (2, Informative)

hcpxvi (773888) | more than 3 years ago | (#33934634)

Oh so nearly Haiku! Let's try again:

Adobe Reader X
Slow, more bloated than before
New holes to exploit


Darn. You have to pronounce "Adobe" as "A-dob".

Re:Great! (0)

Anonymous Coward | more than 3 years ago | (#33934960)

Adobe RX
Prescription for more exploits
Take before breakfast

Re:Great! (1)

Abstrackt (609015) | more than 3 years ago | (#33935054)

Darn. You have to pronounce "Adobe" as "A-dob".

And a haiku traditionally contains a word or phrase that symbolizes or implies the season.

The new Reader X
Still bloated like a dead cow
More holes than swiss cheese

Re:Great! (1)

Skuld-Chan (302449) | more than 3 years ago | (#33935010)

I don't get this - seriously. Foxit often has the exact same exploits as Reader does - remember that postscript font bug/exploit Reader had? Foxit had it too, they fixed it a whopping 3 days faster than Adobe, and Adobe has to support about 24 more languages than Foxit does.

Re:Great! (1)

rekenner (849871) | more than 3 years ago | (#33935562)

Yeah. Ironically, FoxIt is now ... getting to the bloat and vulnerability of Adobe. So, it too has been replaced by another slim PDF viewer. I use SumatraPDF, personally. It's quick, small, and doesn't have enough features to be vulnerable.

Re:Great! (1)

eulernet (1132389) | more than 3 years ago | (#33937316)

and Adobe has to support about 24 more languages than Foxit does.

I don't understand what languages have to do with a patch in the code, or do you mean that the language resources are coded into the source itself or, even worse, that there are 24 different versions of the source ?

The problem is not that Adobe took 3 more days than Foxit, the problem is that Foxit has patches easy to deploy, and Acrobat Reader hasn't, so any new exploit will work for a lot of time.

I think I speak for all of us (1)

cerberusss (660701) | more than 3 years ago | (#33934674)

I think I speak for all of us when I say: Fuck you Adobe, fuck you and your stupid software. Which makes both our work and our private lives miserable with its gazillion security holes, one worse than the other.

When I hear the word Adobe, I think of problems. That's the mindset you created.

Re:I think I speak for all of us (1)

Culture20 (968837) | more than 3 years ago | (#33935288)

When I hear the word Adobe, I think of problems. That's the mindset you created.

Agreed. CS4 on Windows had a workaround method to update products remotely via command line (by downloading updates from their website). CS5 on Windows has those updates absent from the website. So we have to either grant access to the adobe updater program to run as admin for everyone and teach them to update (and scan to make sure), or manually use the GUI overselves on end users desktops. WTF? I bet the Mac version is just as foobared, but at least you can just ARD-push the application directories after updating on one computer (Curse Windows and its myriad folders and registry settings).

A better protected mode (2, Insightful)

Dystopian Rebel (714995) | more than 3 years ago | (#33934716)

OS X - built-in Preview app
Linux - Evince, several others
M-Windows - Foxit, Sumatra

The alternatives are so much better than Adobe Acrobat Reader that I think we can now say that the alternatives are the market and Acrobat Reader is the poor alternative.

Re:A better protected mode (2, Insightful)

blindbat (189141) | more than 3 years ago | (#33935138)

Unless you work in the printing field. If so, all of the programs you list fail miserably at rendering the files. On both Mac and Windows.

Re:A better protected mode (1)

LWATCDR (28044) | more than 3 years ago | (#33936724)

Which very few of us are.
The problem with Acrobat is simply feature bloat. Most people need a program that will let them read PDFs. That is it.

Re:A better protected mode (1)

Kurt Granroth (9052) | more than 3 years ago | (#33936920)

I think most people can agree that for most purposes, any alternative to Adobe Reader is going to be faster, smaller, and more secure. But let's not delude ourselves into thinking that just because we're not using Reader that we're completely safe from PDF exploits. Witness the recent XPDF vulnerability that affects nearly every Linux-based PDF resource:

http://securitytracker.com/alerts/2010/Oct/1024526.html [securitytracker.com]

We're safe from a "security through obscurity" point of view (why bother writing an exploit for such a tiny market?) but this exploit is at least as bad as most of the Reader ones.

Re:A better protected mode (1)

internettoughguy (1478741) | more than 3 years ago | (#33938818)

OS X - built-in Preview app
Linux - Evince, several others
M-Windows - Foxit, Sumatra

The alternatives are so much better than Adobe Acrobat Reader that I think we can now say that the alternatives are the market and Acrobat Reader is the poor alternative.

Add Chromium to that mix too; it now supports PDF, and is available for all of those platforms.

Awesome. (1)

blair1q (305137) | more than 3 years ago | (#33935030)

Protected mode involves having a separate process brokering write requests from the document viewer to the OS.

Because that's just what a bloated resource-hog like Acroread needs, is a whole layer of IPC and ACL in the most basic of places...

Why does anyone use PDF anymore anyway?

Re:Awesome. (0)

Anonymous Coward | more than 3 years ago | (#33935268)

Because it displays perfectly everywhere.

Re:Awesome. (1)

blair1q (305137) | more than 3 years ago | (#33935442)

For inexact values of "perfectly" and "everywhere".

Re:Awesome. (0)

Anonymous Coward | more than 3 years ago | (#33935642)

Stop making my sentences wrong by changing their correct meaning. I've never seen a PDF display improperly on any reader.

Re:Awesome. (0, Troll)

blair1q (305137) | more than 3 years ago | (#33935952)

My mistake. I should have said, "for ignorant values of 'perfectly' and 'everywhere'."

Re:Awesome. (0)

Anonymous Coward | more than 3 years ago | (#33936868)

Stop making my sentences wrong by changing their correct meaning. I've never seen a PDF display improperly on any reader. That's a fact, not an opinion, and it's not ignorance, just 'bad luck' I guess. I deal with good readers and good files apparently.

Re:Awesome. (1)

blair1q (305137) | more than 3 years ago | (#33941416)

No, it's still ignorance, because it's not the fact that was in question, which was "it displays perfectly everywhere."

So I again amend my remarks.

"for deliberately self-unaware and/or ignorant values of 'perfectly' and 'everywhere'".

Re:Awesome. (1)

sexconker (1179573) | more than 3 years ago | (#33936080)

Stop making my sentences wrong by changing their correct meaning. I've never seen a PDF display improperly on any reader.

Horse shit.
I have come across many a PDF that:

Wouldn't display, at all.
Wouldn't load the embedded fonts.
Wouldn't properly apply the security restrictions.
Wouldn't stop rotating pages when physically printed, despite any combination of rotation options across the PDF reader and the printer driver.
Wouldn't kern a bog-standard font for shit. I shouldn't have to zoom to 125% or something to get the word "failure" to stop rendering as "fa i lur e".
Etc.
Etc.

Re:Awesome. (1)

DragonWriter (970822) | more than 3 years ago | (#33938496)

Why does anyone use PDF anymore anyway?

Because no one has come up with a replacement technology that maintains PDF's strengths while having a compelling-enough set of advantages to get people to change.

Reader X Updates coming soon... (1)

digitaldc (879047) | more than 3 years ago | (#33935084)

So how many minutes will it be before we have to update Reader X after we install it?

Re:Reader X Updates coming soon... (1)

Teufelsmuhle (849105) | more than 3 years ago | (#33935122)

I bet it won't be long. I also bet that when I install the update, it will place another stupid Adobe Reader shortcut on my desktop.

Re:Reader X Updates coming soon... (0)

Anonymous Coward | more than 3 years ago | (#33935814)

And re-insert speed loader into the background start-up programs.

Every Adobe update requires trashing the new icon and disabling the speed loader yet again.

Re:Reader X Updates coming soon... (0)

Anonymous Coward | more than 3 years ago | (#33937530)

The problem is not the update itself, but the process to upate Acrobat.
You have to install updates all the previous ones before installing all the latest update.
Right now, If you have Acrobat 9.0 you have to installed 10 updates before installing the last one (9.4)...

Sumatra - too dumb to exploit. (1)

Animats (122034) | more than 3 years ago | (#33935634)

Sumatra - it's so dumb that the Adobe exploits don't work. No forms. No plug-ins. No cut and paste. No networking. All it does is display PDFs in a separate window. Which, 99.9% of the time, is all you want.

I don't even have Adobe Reader installed on my Windows 7 machine.

More Bloat for Adobe Bloatware (1)

BuckaBooBob (635108) | more than 3 years ago | (#33935816)

Its shocking to see other PDF reads that are as small as 1 Meg and how well they work compared to Adobes 100+ Meg install of a reader..

A Sandbox sound like another awesome way to make a simple document reader even bigger.

As it is now When I see someone using Acrobat I cringe and inform them there are alot of PDF readers out there that do a great job... and when they load one of them up they are amazed how fast PDF's open..

The general Public needs to be informed that there are Better and More Secure PDF readers out there that are in pretty much every way better..

WTF? Why? It's a READER!!! (1)

CPE1704TKS (995414) | more than 3 years ago | (#33936628)

This is getting ridiculous! I want Adobe Acrobat to just take a PDF and DISPLAY IT. I didn't sign up for all this bullshit with javascript, adding a service into my already crowded memory space that checks constantly for updates, etc. It's fucking ridiculous!

All it's supposed to be is a way to format a document. Anything more than that, adding all this fucking unnecessary infrastructure/bloatware onto desktop just makes me crazy! The additional fact that it causes viruses makes me really, really close to saying fuck off to acrobat completely.

It's as if the reading light switch on your car all of a sudden tried to get fancy, by adding motion detection, but then it needed additional layers to prevent it from draining your batteries it turns on because it detects motion on your car, so you're forced to buy tinted windows, etc, and oh yeah, it can somehow unlock the doors and start your car. It's a fucking utility that has taken on a life of it's own and I've really had to at this point.

Actually, after this rant I've decided I'm going to uninstall Acrobat immediately.

Adobe need a K-I-S-S (1)

Entropy_Storm (1484671) | more than 3 years ago | (#33937874)

Heck, if Symantec have started to undo the years of dross they've inflicted on PC users maybe it's time Adobe took a step back and evaluated what they do and do not need in what should be a relatively simple document reader.

Who is the idiot... (1)

FranckMartin (1899408) | more than 3 years ago | (#33938988)

...that decided to put a scripting language inside PDFs?

Have we learn anything? Do we have to use back postscript for sending safe documents?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>