There is a problem that software companies face when they are dealing with their customers.
When you are a retailer of software, especially since the advent of the Internet, it is expected that you will have to create patches for your software.
Nobody expects that a program will be a hundred percent safe when it is shipped to the consumer.
The company will not be able to see most of the problems until the product is in the customers hands and they have had time to test it out.
Consumers Don’t Rush To Install Patches
After they test it, the company can take the complaints and work on a patch.
After the patch is created, now the company runs into another problem.
They have to find some way to be able to get the consumer to apply it.
People will update their software but not in the most speediest of fashions.
They usually put it off, especially since they are use to a lot of software having to restart the computer for it to work.
Adobe feels that they have a way to combat this problem.
They want to place an auto updater on the end users system that will silently patch any adobe products that they have installed.
These actions have caused quite a stir in the security community on whether this is a good idea or not.
Auto Patching Can Be Both Good And Bad
This can be seen as both a good and bad ideal for several reasons.
The good points for adobe is that studies show that this is the best way to distribute patches for the end user.
It also shows that this method keeps people safer.
If they do not have any interaction with the auto updater then any exploits that are found will be instantly patched.
This allows Adobe to keep controversial features in their products, such as javascript capabilities in a pdf, and patch it whenever a problem occurs.
This also helps the end user since they will not witness anymore nag screens on their computer.
When the product is ready to install a patch, it will do so without them even knowing.
It may seem like a win for everyone but there are some serious negative consequences to this as well.
The negative part of this equation can be a really big problem.
What if the Adobe auto updater downloads a new patch and it somehow does not agree with your system.
If you are the end user, you have no ideal that something has changed and you will not be able to figure out the problem.
This can lead to lots of frustration.
Also the security community is worried that hackers will be able to exploit the auto update process and use it for their own means.
If you have software on the computer that you already know connects to the Internet and downloads software without the customers knowledge, it is only a matter of time before you come up with a plan to exploit this feature.
Once the exploit is loaded, no one will be the wiser.
There are several good points and bad points to Adobe’s planned auto update feature.
They must tread very carefully and make sure that this software is as secured as they possibly can make it.
{ 4 comments… read them below or add one }
RT @Security_FAQs ..Adobe’s Auto Updater Causing Fear? http://bit.ly/b1BpXW >> Google does this as well through their Google update service.
This comment was originally posted on Twitter
Why Is Adobe’s Auto Updater Causing Fear In The Security Community? http://bit.ly/b1BpXW (via @Security_FAQs)
This comment was originally posted on Twitter
Why Is Adobe’s Auto Updater Causing Fear In The Security Community? http://bit.ly/b1BpXW (via @security_faqs)
This comment was originally posted on Twitter
Why Is Adobe’s Auto Updater Causing Fear In The Security Community? http://bit.ly/b1BpXW
This comment was originally posted on Twitter