Monday, February 02, 2009

Acrobat Reader

Pretty much every virus-infected PC I've seen in the past few months was originally infected via the magnificence that is Acrobat Reader (and most of the remainder were infected by the meth-using-crack-whore that is the Sun JRE).

The time is right to go after Acrobat. After explaining to someone that the virus that just trashed their PC (or office's PCs) came in by way of a hidden PDF in an infected web page, not only are they OK with removing the Acrobat browser plugins, but they're often open to getting Acrobat off the machine entirely.

Given the rash of shit that Microsoft has (rightfully) received over the years for browser exploits, it's time to hold Adobe and Sun accountable for their dangerously insecure products. Both companies' patch management is terrible. Neither provides any decent support for sysadmins to push out updates ("uh, try to find the MSI that the installer drops and then, you know, push it out with something. I think you can do it with Group Policies!" is about as far as they go). For Java it's been easy to say "just get rid of it" since for 99% of people it's unnecessary, but Acrobat and Acrobat Reader have been more of a challenge. Perhaps highlighting how insecure Acrobat is will help move the effort to replace it along.
