back to article Most Adobe Reader installs are out of date

Six out of every 10 users of Adobe Reader are running vulnerable versions of the ubiquitous PDF reader package, according to stats from freebie anti-virus scanner firm Avast. Adobe applications, behind only browsers and Microsoft Office as a favourite target for hackers, are regularly the target of Trojan-based hacking attacks …

COMMENTS

This topic is closed for new posts.
  1. Frosty840

    Yes, but...

    That's only because Adobe brings out a new version of their damnable within the time it takes for you to download and install the update to the last version.

    1. Anonymous Coward
      Anonymous Coward

      Correct - which is a total pest on OSX

      When you leave WIndows for OSX (which I did a year ago), the first thing you notice after having sworn at the lack of cursor navigation is the update silence. Sporadically, an update would come along but in general it's open lid, work, ready, close lid, and a weekend reboot just because I'm tidy that way (part of my backup cycle).

      That piece is brought home when you then start a Windows machine after it has been off for 2..3 weeks - it's an eye opener.

      Anyway - that peace is brutally shattered when you install Adobe Reader, and Adobe Air is even worse. I swear, those version numbers are actually hourly timestamps given how often that updates. It would be nice if they could actually just write decent code..

      AFAIK, the damn things use its own updater, so when Apple finally brings out Lion I'll start from scratch and make sure Hands Off! denies it both disk and network access until *I* decide it's time to update. As a matter of fact, I don't really need their PDF reader..

      1. Dan 55 Silver badge
        WTF?

        Why on earth did you install Reader on OS X?

        OS X can be accused of many things but it's got a built in PDF viewer and the print dialog has got a PDF writer.

        Are you a masochist?

    2. Tom 13

      That and that it only seems to want to self-update

      when you click on the damn thing because you want to use it, and have a bajillion browser tabs open that you don't want to close so it can update.

  2. Anonymous Coward
    Thumb Down

    title

    This doesn't surprise me at all. It's used by most people to simply read a document, why would it/ should it need constant updating?

    1. BristolBachelor Gold badge
      Trollface

      Becuase it's shit?

      See above. (I'm not sure if this counts as a troll, because unfortunately it's true)

  3. SnowCrash
    FAIL

    Given how bad

    Adobe's deployment tools are for Reader it's hardly surprising it's such a mess. I hate having to deploy new updates/versions because there is no reliable deployment mechanism across a corporate LAN.

    1. El Cid Campeador
      Pirate

      Look around

      You CAN find Reader MSI installers--not easy (unless you sign up with them) and you have to be VERY careful about your source, but it is doable (if still a huge pain).

      1. Tim Bates

        Not hard

        Simply fill in the form at Adobe, and follow the download link... It's that easy to get the MSI versions.

        I've done it at least 4 times now, and it's far easier that tracking down the potentially dodgy links from various blog sites.

        1. Tom 13

          re: "I've done it 4 times now..."

          If you don't see the problem with that, you ARE the percipitate.

  4. Anonymous Coward
    FAIL

    I blame Microsoft update for the debacle

    Why can't MS design their updater so that Third party updaters can be plugged into it, in a similar way that you can add additional repos in yum?

    Then you'd be 1/2 way there if MS defaulted AU to on, and third parties installers asked to be allowed to add their update location into MS update.

    1. Tom Chiverton 1
      Stop

      The title is required, and must contain letters and/or digits.

      There is no way the average user will even understand that question. It should Just Do it.

    2. Colin Millar
      WTF?

      Must be a record

      6 posts in and someone has come up with a reason why Acrobat being crap is MS fault

      I thought acrobat was crap because adobe can't build software

      The only decent products they ever had came out of buying Macromedia

      1. Ian Davies
        Thumb Down

        It's Adobe's problem

        The installers and (lack of) deployment tools for Acrobat on OS X are just as shitty.

      2. Anonymous Coward
        Anonymous Coward

        Re: Must be a record

        Yes, Adobe s/ware is crap, but there is a wider issue that there is no built in way for apps to be updated under windows - the best the app designed can do is to include their own, so that rather than having a nice straightforward 'run updates every night at 03:00' or, whenever I choose, or whatever in one place each checks for updates whenever it feels like, and you have to update them individually.

        MS fail for not providing a mech to allow for updating of all installed apps.

        1. Tom 13

          While I generally agree,

          the fact remains that Adobe is obstinant about not using MS management tools even when they are provided.

    3. MikeSM
      Thumb Up

      One stop updates for Win

      This is pretty much what I came here to say. Imagine how much cleaner Windows would be with a one stop update center for all your installed software (similar to how iOS handles it). The way it works now is every program, even some from the same vendor, runs its own background service to check for updates. What a waste of resources.

    4. Tim Bates

      Me too

      I also came into the comments to see if there was someone already saying this. Pity the first response to said comment was an idiot assuming it was an MS bashing.

      Microsoft NEED to adopt a (secure) method of allowing 3rd party tools, especially very popular ones, to update in the SAME way Windows and other MS products do. It would save having 14 different little popups bitching about updates when you log in. And given how some vendors seem to think their updater is the most important tool you've installed, it could speed up login times for many users.

  5. Dan Price
    Coat

    Imagine my surprise.

    Since Adobe Reader appears to be on a 15-minute release cycle, I remain unsurprised by the fact most installs are out of date.

  6. Ken Hagan Gold badge
    Headmaster

    vulnerable is not a synonym for older

    "Six out of every 10 users of Adobe Reader are running vulnerable versions of the ubiquitous PDF reader package"

    I'm pretty sure 10 out of every 10 are doing so. What you mean is that they are running older versions, and since a patch essentially tells the bad guys exactly where and what the vulnerability is, some of the holes in older versions are now public knowledge. But both the older and current versions surely have holes Adobe haven't found yet.

    1. vagabondo

      but Adobe is a synonym for vulnerable

      just use something -- anything -- else.

  7. Anonymous Coward
    Anonymous Coward

    Alternatives..

    We use foxit reader here doesn't seem to give us too much bothers

  8. PeterHing
    Flame

    Totally agree with...

    ... the update comment! EVERY TIME I open Adobe reader, the update box pops up. I have trouble managing it on my home PC, let alone in an office environment! There is no consistency. I don't know how people put up with it

    1. Elmer Phud
      Boffin

      Put up with it? Nah.

      Others don't, they use Foxit.

      It doesn't take up huge amounts of HD space, doesn't want to check for updates every half hour or so, is very easy to use and comes with a usable set of basic tools.

      1. Anonymous Coward
        Windows

        Try Sumatra

        Wonderfully light, free and open-source.

      2. Richard 22
        Thumb Down

        Foxit used to be good...

        but recent versions have been bloated, slow and unreliable. Firefox integration is rubbish also.

        I find Reader X pretty good - the best version of Adobe Reader for a long time. Startup times and memory usage seem much improved since v7-9. I recently removed foxit completely and replaced it with Adobe reader, after being a long-time foxit user. Happy with it so far

  9. Peter Clarke 1
    Facepalm

    Update Hell

    I've avoided this particular hassle by using FoxIt Reader for some time. The added benefit is it's a much leaner app. Unfortunately I do have to have Flash (ah, ah!) on my PC to run my Poser library and this has had quite a few updates in the last few months, with the worry it's gonna break something each time

  10. Anonymous Coward
    Linux

    Not here

    KDE comes with the very excellent Okular so no need for that over-bloated, bug ridden Adobe nonsense.

  11. Anonymous Coward
    Anonymous Coward

    It doesn't help that Reader keeps breaking things

    we recently upgraded to Reader X across our userbase, only to discover that it broke all the print drivers. Back to 9 we go while Adobe and our printer vendor argue about whose fault it is...

  12. Anonymous Coward
    Anonymous Coward

    I'm surprised it's only 6 out of 10.

    4 out of 10 are up to date.

    I'd have to work hard to get it up to that figure here.

  13. Anonymous Coward
    Anonymous Coward

    PDF's = pointless

    In 99% of cases they could be replaced by something leaner, as functional and just as pretty.

    It's always been an overused format. Mainly preferred by designers to maintain their "artistic vision".

    These days pure laziness.

    Technical/Legal documents ... maybe. But if your restaurant only has it's menu in PDF version - and I'm trying to read it on a mobile device. Forget it.

    1. Dr Paul Taylor

      bus timetables

      In particular, why is it (apparently) obligatory for bus and train timetables to be presented as "downloadable" PDF files, when and ordinary HTML web page would be perfectly adequate?

      1. Ken Hagan Gold badge
        Unhappy

        Re: bus timetables

        I'm guessing, but probably because the original text was created with MS Word and you can create a plausible PDF from a DOC but the HTML support just blows, so the easy way for a doofus to get a DOC on the interweb is to print to PDF and put that nice "download Adobe Trojan now" on their webshite.

        1. Tim Bates

          Easier way to get docs on the internet...

          The NSW state government department I used to work for had a far easier method to post DOC files to the internet.... Simply post the DOC file to the internet.

          Was particularly fun whenever a new version of MS Office came out and the newer documents wouldn't open on any computers still using older versions (which was usually most computers).

  14. Efros

    Needs a diet

    Adobe reader is just too big! Needs to go on Atkins for a while. I either use Foxit or SlimPDF.

  15. NinjasFTW

    why is a reader so bloody big

    I stopped automatically upgrading when version 8 (i think) was released several years ago. The amount of bloat that they are cramming into a simple document reader is unbelievable.

  16. Tom 7

    Pointless Document Format

    Tries and fails to do all sorts of things that are much better done by other far more secure options.

    Only supported by people who have spent so much time barking in the wrong forest they think they're at home.

  17. Anonymous Coward
    Anonymous Coward

    Out of date ..

    We use out of date Acrobat as we use roaming profiles and they still have a bug which forces us to use the older version.

  18. mark l 2 Silver badge

    bloat ware

    Why does adobe acrobat reader have to be 100 meg + in size while foxit reader is a little over 10 meg and does the same job?

    I have been using foxit as a replacement for over 12 months and apart from a stint of the royalmail website insisting i needed acrobat and refused to work with foxit ive never come across a pdf or website that hasn't worked correctly with it. (Royalmail website now works fine with foxit btw)

  19. Anonymous Coward
    Thumb Up

    Updating Adobe X using Security Centre Essential

    Version X of Flash, Acrobat Reader and Pro can all be updated using SCE. Just not version 9.X, whixh would be helpful..

  20. NHS IT guy
    Mushroom

    Just can't be bothered.

    Of course they're out of date Adobe.

    Have you used your own software? Every time I start your reader I get prompted to install a new update, which takes the best part of 10/15 minutes - and all I was after was to read an invoice.

    Even when you're not using Adobe Reader actively, the sodding tray icon keeps throwing up balloon tips demanding I update. I just makes me resent updating that little bit more.

    Tips:

    Leaner software (which equals smaller faster updates)

    Less frequent updates

    Less intrusive notifications/nag messages

  21. Steve McIntyre
    FAIL

    All Adobe's fault

    PDF used to be a nice, simple format that you could trust. But that wasn't enough for Adobe to continue to sell new versions, so they started adding extra crap like Javascript. Guys, we DO NOT NEED scripting in documents we're sharing.

    Now your options are to continue on the Adobe treadmill (spending more time downloading and installing updates than actually using the software), or to switch to something more secure instead.

  22. ColonelClaw
    Mushroom

    Kill it with fire

    There are many reasons not to like Adobe Reader, but for me top of the pile has to be that sometimes after running the update it makes me restart my PC.

    That alone should be punishable by death

    1. Dan 55 Silver badge
      Facepalm

      Here's why...

      You need to be running Reader to manually start the update process yet not have it running to update it otherwise Reader's files will be in use and it'll want to restart Windows to be able to update them.

      Yes, you heard that right, as soon as you use the menu option to check for updates you must close all instances of Reader while it's downloading and before it starts installing.

      It's only with the last couple of point releases of 9 and X that there's anything approaching background automatic updates, and even then no release of Reader will update to the next major version. So it's not surprising that hardly anyone's running the latest version (which incidentally has Comment and Share buttons taking up half the toolbar and are impossible to get rid of).

      Crap, but not as bad Flash Player on Windows still treats Active X and NPAPI plugins as different beasts which need different installers and then there's separate uninstaller. I'd like to meet the brilliant mind at Adobe which thinks it's a good idea to have a security hole in one browser but not another on the same machine.

  23. jband
    FAIL

    So many confirmations to wade through

    These days software's evolved to the point where in the best cases, for a home user, you can set it to update itself quietly in the background and be reasonably confident your computer won't go bang (eg Chrome browser).

    Adobe software, on the other hand, requires you to handhold it every step of the way with several confirmation dialogs, and there seems to be no easy way to tell it to "just go ahead and update and stop bothering me". True for Reader and for Air (which iPlayer uses), both of which appear to push out updates every few days, and no doubt also true for other Adobe software. To think I nearly decided to buy Audition....

    There are three regularly-used PCs in our house (and a couple of less-frequently used ones) and I'm damned if I'm going to spend my Sundays updating Adobe software simply because they can't be bothered to improve the update automation.

  24. scifidale
    Thumb Down

    bye bye adobe

    Any network I have control over be-it corporate or home the first thing that goes is adobe reader, and in goes foxit. Users then whoop with joy that their pdfs actually open quickly instead of taking the same time that it takes to load crysis!! for the love of god adobe you know something is wrong when you take 200MB's or more to do what foxit can do in around 10MB and with alot less of the swiss cheese effect.

  25. NogginTheNog
    FAIL

    Hardly surprising

    Personally I've got bored with updating the crap as it seems to be asking to install a new version ever bloody week! For me Adobe lost my confidence when they started putting in options in the app to enter credentials for buying stuff: ffs, it's a document reader!

    I use Foxit at home: a big improvement.

    Another one that bugs me is the java updater: it keeps prompting me for UAC access to update, and then bombs out 'cos it doesn't seem to be able to handle running as alternate credentials. FAIL!

  26. Andrew Richards
    FAIL

    Fox it!

    Another vote for FoxIt. And another down for Adobe Reader. Not only does it need constant attention but the updater needs to get in its place as it throws out the odd "please check your internet connection" message.

    Unfortunately, this is only a dialogue with "OK" with no space to enter "I'm on a f-ing train on f-ing laptop without an f-ing internet f-ing connection".

    It Adobe didn't put bugs/security holes in it'd up to date and there'd be no issue.

  27. Mark Dowling
    FAIL

    Adobe's crappy updaters

    Adobe AIR

    Adobe Shockwave

    Adobe Flash for IE

    Adobe Flash for FF

    Adobe Acrobat or Reader

    ALL USE DIFFERENT INSTALLERS/UPDATERS!

    WHY ADOBE? WHY???

    1. Mankpiece
      Happy

      The Answer

      Because they're sh*t.

  28. Ian Davies
    Mushroom

    Try Acrobat Pro

    ...that's just a shade under 1Gb.

    PAH! Just kidding.

    The reason it's sidelined on my machine isn't the launch times (they're actually not too bad, considering the monolithic size of the app) it's because it's out-performed in every area by the Preview app that comes with the OS. It's an order or magnitude slower on re-draw operations, Preview only takes up 12Mb on disk, and it refuses to respect that fact that I don't want its shitty browser plugin taking over PDF duties from the much better OS-level components available to Safari.

    Where's my turd icon in the shape of an Adobe logo?

  29. andrewjg

    more like 10/10

    Surely 10 out of 10 users have vulnerabilities. Given Adobe's track record there are undoubtedly new ones in later versions. As well as being slower and buggier.

  30. Brent Longborough
    Thumb Up

    On the other hand

    My Adobe Reader *uninstall* is completely up-to-date; I switched to PDF-XChange Viewer a long time ago

  31. AceyMan
    Megaphone

    ...in PDF limbo here

    We bounced Acrobat 9 out of here over a year ago after back to back to back exploit reveals and put out Foxit.

    I loved Foxit 4.x but so far Foxit 5.0 is not so good. They have lost their way and made it ugly and bloated. The simplicity of version 4 was a good thing.

    I've used Adobe Reader X some, but I cannot toggle the often used view settings as easy as I could in Foxit 4. Oh well, at least Reader X is secure (cough).

    I'll be trying one of the other viewers now (PDF Xchange?) to see if there's a better solution for my company.

  32. Tree
    Terminator

    Newer versions are bloatware!

    The last decent version is 4.0. They keep adding scripting then need a fix when it is hacked. Then you can play music with it, then movies. Better add DRM so can have copyrighted stuff. On my Win 98 box, I have version 2. It is very small and fast. I bet it has no vulnerabilities to hack into.

  33. IT veteran
    WTF?

    What REALLY put me off Adobe Reader X

    Was that it wanted a reboot after an update. Hello Adobe - the 1990's are calling and want their application back.

    And why do people insist on making forms in Acrobat that don't allow you to save them, even though they are asking for lots of data? I had one from Dell - a 5-6 page form asking for information for a new SAN install. You were supposed to fill it in all at once and e-mail it to Dell. I ended up having to print it out and fill it in by hand, before filling it in on the computer. WTF?

    Yay for Foxit here as well. If you ensure it doesn't install cr*p through the installer.

This topic is closed for new posts.

Other stories you might like