Hi malware fighters,
Forget about Windows, Internet Explorer or QuickTime: cybercriminals exclusively aim at Adobe software, even to the surprise of AV experts. Some are now out on a crusade to convince home users and business users of the dangers involved in using Adobe Reader and Flash Player. “Adobe should perform a lot better security-wise.”
Some time ago Adobe announced it would clean up its act. They made a start by introducing their own Patch Tuesday and announced they would start safer programming. Because of an emergency patch Adobe had to break this freshly started patch cycle, and the next patch date was postponed. We think Adobe is not on the right track with security. Until now Adobe has only delivered hollow words.
The new MS
According to some AV experts, Adobe holds the same position now as MS did before XP SP2, that is now 5 years ago. “Whenever you hear what Adobe has to say, you reckon those people do not really get it.” Security is not number one for software firms that aren’t under direct attack. “But considering Adobe, we know that they have been under heavy attack since 2007, and the situation became unmanageable during the previous 7 months; it is really out of their hands.”
A new generation of exploit tools is not so much concerned with exploits for Windows or IE. “They only go for PDF and Flash now.” That makes us wonder. “It shows they are not even considering other exploits.” The problem is also caused by Adobe being a monoculture. 80% of internet users use a broken version of Flash or PDF while online.
Features
The Flash and Adobe updater should check for updates daily, which is not the case now. We think that should be so for all browser plugins and Internet programs. Firefox is already doing this for Adobe. The open source browser warns users if a vulnerable version is found. Working the browser with NoScript and FlashGot extensions is secure.
Where security is concerned, Adobe does not see all this as a first priority issue. Their first priority seems to lie with adding new features, like adding DRM to Flash Player, and we think that could also be an interesting feature for miscreants. In the past the DRM function of Windows Media Player has been abused many times. The Adobe implementation is not known yet, but it could complicate the work of the avast analysts big time.
First things first
Is Adobe commercially interested in the security of its software, or does it act like Microsoft did in the past? MS made a full and complete turn on that attitude. Then there is the lack of competition. Foxit Reader is around, but it will only become a target if it gains a larger market share. For Flash there is no competition. “This could be a problem.”
Most exploits are directed at Adobe Reader. Attackers use various exploits at once, making it easier for AV vendors to react. If one of four exploits is flagged, the attack is stopped in its tracks and disconnecting will prevent an infection vector from hitting home. Most exploits are hidden inside Adobe’s implementation of JavaScript (that is why we advise using NoScript inside the Firefox or Flock browser). “Then there is the difference between PDF standards and what Adobe really does, reminding us of MS in that respect.” Standards are agreed to on paper but actual adaptations differ, like the way HTML and executables load inside IE. Adobe Reader is also bending these rules, so certain things can still be read by the proggie.
Market leader
Because of all these problems one should expect good communication between Adobe and AV vendors, but that is not the case. It is hard to communicate with Adobe. Because of a number of zero-days that Adobe wished to hush up earlier this year, it seems advisable for users and firms alike to start looking for alternatives. The ideal situation would be that everybody uses another alternative - larger platforms mean more exploits. Another attitude can work a change - IE8 has shown that - the browser seems more secure now compared with the situation of IE7. But with PDF and what the market leader offers there, you better stay away,
polonus