Adobe Creative Cloud Experience makes it easier to run malware

Security researchers?

-> Security researchers commenting on Taggart's finding said they'd been under the impression the bundled Node runtime would only execute files signed by Adobe

What led them to be under this impression? Did they test it themselves, i.e. do some research? Or did they read it somewhere, AKA reader-repeaters?

Once again I feel fortunate our organization has been "Adobe Free" for over six years.

OK, wait.

I've already owned somebody's machine to the point where I can drop arbitrary files anywhere I want *and* run random programs. And a copy of node.exe is the problem????

If somebody has gotten that far into your machine, you are fully owned, period. It's not reasonable to expect an application to guard against that.

Of course it's malware, it is part of Creative Cloud.

Even with a customized installer ala o365 the creative cloud is still cancer. If you remove the out of date node from this version, there is probably still 30 year old PDF code that for some reason still has local file access, loads internet resources at document load and runs unsigned scripts.

Keep in mind, this is still a company that can't be bothered to build a working uninstaller, automatically associates new users under a different account with the user account that installed the software, and tries to trick users into buying a copy of the software on their credit card when the are logged into CC with an account that has an enterprise license assigned.

So yeah, I don't lose much sleep over which bit of hot garbage that they point at, it's all a giant dumpster fire.