Why Is Adobe’s Auto Updater Causing Fear In The Security Community?

could hackers target the auto updating system?

There is a problem that software companies face when they are dealing with their customers.

When you are a retailer of software, especially since the advent of the Internet, it is expected that you will have to create patches for your software.

Nobody expects that a program will be a hundred percent safe when it is shipped to the consumer.

The company will not be able to see most of the problems until the product is in the customers hands and they have had time to test it out.

fear-in-the-security-community

Consumers Don’t Rush To Install Patches

After they test it, the company can take the complaints and work on a patch.

After the patch is created, now the company runs into another problem.

They have to find some way to be able to get the consumer to apply it.

People will update their software but not in the most speediest of fashions.

They usually put it off, especially since they are use to a lot of software having to restart the computer for it to work.

Adobe feels that they have a way to combat this problem.

They want to place an auto updater on the end users system that will silently patch any adobe products that they have installed.

These actions have caused quite a stir in the security community on whether this is a good idea or not.

Auto Patching Can Be Both Good And Bad

This can be seen as both a good and bad ideal for several reasons.

The good points for adobe is that studies show that this is the best way to distribute patches for the end user.

It also shows that this method keeps people safer.

If they do not have any interaction with the auto updater then any exploits that are found will be instantly patched.

This allows Adobe to keep controversial features in their products, such as javascript capabilities in a pdf, and patch it whenever a problem occurs.

This also helps the end user since they will not witness anymore nag screens on their computer.

When the product is ready to install a patch, it will do so without them even knowing.

It may seem like a win for everyone but there are some serious negative consequences to this as well.

The negative part of this equation can be a really big problem.

What if the Adobe auto updater downloads a new patch and it somehow does not agree with your system.

If you are the end user, you have no ideal that something has changed and you will not be able to figure out the problem.

This can lead to lots of frustration.

Also the security community is worried that hackers will be able to exploit the auto update process and use it for their own means.

If you have software on the computer that you already know connects to the Internet and downloads software without the customers knowledge, it is only a matter of time before you come up with a plan to exploit this feature.

Once the exploit is loaded, no one will be the wiser.

There are several good points and bad points to Adobe’s planned auto update feature.

They must tread very carefully and make sure that this software is as secured as they possibly can make it.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*