Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Solution to Adobe Reader

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
TiMow Solution to Adobe Reader
Dedicated Contributor 21st Feb, 2010 11:21
Ranking: 737
Posts: 728
User Since: 26th Jun, 2009
System Score: N/A
Location: CH
Hello forum community,

Rather than respond to each individual thread currently relating to Adobe Reader 9.3, I will offer this possible solution/advice as a separate thread.

Just because Adobe Reader comes as default on our systems and is used by many sites as their default PDF reader, doesn`t mean we have to stay with it.

There are alternatives out there - you should maybe consider another, instead of continually trying to bash out solutions to another Adobe upgrade.

This link offers some free, independent advice and alternatives:

http://pdfreaders.org/

Personally, I have changed to Foxit Reader, on the advice of Maurice Joyce (a respected forum contributor), after Adobe Reader turned all browsers insecure before XMas, with Adobe saying a fix wouldn`t be available until mid-Jan.

I think its just as good, probably better, to use, as Adobe ever was.

One precautionary thing to bear in mind (if you choose Foxit), is the advice at the time from M.J. was to choose custom install, as ASK Toolbar was included in the installation pack. Unless you`re desperate to have this forced on you, you can exclude it with custom installation.

Hope this helps anyone out there still having problems.

TiMow

--
Computing is not yet a perfect science - it still requires humans.

skia7 RE: Solution to Adobe Reader
Member 21st Feb, 2010 15:12
Score: 0
Posts: 18
User Since: 2nd Sep 2009
System Score: N/A
Location: NL
good reply. i did the same changed to Foxit after i saw how much space Adobe took up how much of it i did not need and the Insecurities.
Yes best solution Change.
Was this reply relevant?
+0
-0
TiMow RE: Solution to Adobe Reader
Dedicated Contributor 22nd Feb, 2010 10:09
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Just keeping this thread near the top of the list, as members still seem to be suffering.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
MaxLV128 RE: Solution to Adobe Reader
Member 22nd Feb, 2010 10:36
Score: -2
Posts: 17
User Since: 22nd May 2009
System Score: N/A
Location: NZ
on 21st Feb, 2010 11:21, TiMow wrote:
Hello forum community,

Rather than respond to each individual thread currently relating to Adobe Reader 9.3, I will offer this possible solution/advice as a separate thread.

Just because Adobe Reader comes as default on our systems and is used by many sites as their default PDF reader, doesn`t mean we have to stay with it.

There are alternatives out there - you should maybe consider another, instead of continually trying to bash out solutions to another Adobe upgrade.

This link offers some free, independent advice and alternatives:

http://pdfreaders.org/

Personally, I have changed to Foxit Reader, on the advice of Maurice Joyce (a respected forum contributor), after Adobe Reader turned all browsers insecure before XMas, with Adobe saying a fix wouldn`t be available until mid-Jan.

I think its just as good, probably better, to use, as Adobe ever was.

One precautionary thing to bear in mind (if you choose Foxit), is the advice at the time from M.J. was to choose custom install, as ASK Toolbar was included in the installation pack. Unless you`re desperate to have this forced on you, you can exclude it with custom installation.

Hope this helps anyone out there still having problems.

TiMow


Dont take this the wrong way but because PSI is broken and is currently incapable of verifying that Adobe reader has been updated to 9.3.1 unless it's installed in the default location of C:\adobe\reader is not a reason to dump Adobe reader.

It's PSI that's broken, NOT Adobe Reader.

As to pdf readers like Foxit been there done that and as I depend on being able to read, download, and print PDF files like invoices, bank account statements, etc, I have found that these 'wanna be' PDF readers dont always work where Adobe reader does.
Was this reply relevant?
+0
-0
This user no longer exists RE: Solution to Adobe Reader
Member 22nd Feb, 2010 10:58
Hi,
The PSI does not affect where updates are installed. If new updates fail to remove the file that was previously detected as insecure, that file will still be detected. You should see 2 entries for Adobe Reader when this happens, one secure, and the other insecure. The secure version is what you just installed, but a reader in a non-default location would not really be affected by the update.

The PSI picks up all it "knows" from files on your hard drive. If the vulnerable version is still present (eg. the old version hasn't been removed) the PSI will still pick it up.

hope this helps.
Was this reply relevant?
+0
-0
TiMow RE: Solution to Adobe Reader
Dedicated Contributor 22nd Feb, 2010 11:30
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
@ MaxLV128

Nothing taken the wrong way.

The good thing about a free forum is that everyone has an opinion, which adds to the collective whole.

It just seems to be the case, that Adobe has more than its fair share of security issues, and the subsequent updates and patches are not without their problems for many users.

In my above post I have outlined my reasons for changing my PDF reader - based on a range of available information at the time.

But we all have different requirements, and must choose what we believe suits these requirements best - not all are the same.

But I am sure that many members can better use their time, rather than bash around trying to sort out a problem that could well reoccur next time Adobe issue a patch.

It seems often to be the case that members find fault in PSI when they cant instantly fix a problem, until an alternative solution to their problem is offered.

We cant forget, that most of us are just users and not software writers or programmers, and without constant "housekeeping" our systems and files can become corrupted, whilst still usable - we read it here everyday on the forum - this is why all fixes don`t work for all users.

But we shouldn`t shoot the messenger.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
MaxLV128 RE: Solution to Adobe Reader
Member 22nd Feb, 2010 11:55
Score: -2
Posts: 17
User Since: 22nd May 2009
System Score: N/A
Location: NZ
Last edited on 22nd Feb, 2010 12:09
on 22nd Feb, 2010 10:58, wrote:
Hi,
The PSI does not affect where updates are installed. If new updates fail to remove the file that was previously detected as insecure, that file will still be detected. You should see 2 entries for Adobe Reader when this happens, one secure, and the other insecure. The secure version is what you just installed, but a reader in a non-default location would not really be affected by the update.

The PSI picks up all it "knows" from files on your hard drive. If the vulnerable version is still present (eg. the old version hasn't been removed) the PSI will still pick it up.

hope this helps.


In this case it doesn't help at all.

When Adobe reader updates from it's help check for updates option it updates the files where it is running from. (in this case D:\Adobe\Reader)

All the testing I have done over the last 3+ days show that PSI is NOT able to detect that Adobe reader has been updated to 9.3.1 unless it has been installed in the default install location of C:\Program Files|Adobe\Reader.

Install Adobe Reader 9.3.1 any where else, on any other hard drive or partition, or even in another location on C:\ PSI does not detect that Adobe reader is 9.3.1.

I have completely deleted Adobe Reader, cleared the registry of all traces of Adobe Reader, deleted the Adobe folders, and rebooted between each test.

I have also tried it on several different computers (all running WIndows 7 Home Premium with PSI instaled on each one) and results are the same on each computer.

PSI just does NOT recognise Adobe Reader 9.3.1 has been installed unless it's in the default location of C:\Program Files\Adobe\Reader...

I'm picking someone at Secunia has hard coded C:\Program Files\Adobe\Reader into the search rules PSI uses and downloads everytime it does a full scan, which stops PSI from verifying Adobe Reader correctly when it's installed in another lcation.

PSI never cared about where Adobe Reader was installed previously, why is it now?

PSI only show the one instalation path in it's insecure tab and that is D:\Adobe\Reader\.

Any other copies/locations of Adobe Reader are on a NAS, on the network, and as PSI cant see or scan network drives/files it wont ever report those files as being insecure because it never sees them.

Was this reply relevant?
+0
-0
TiMow RE: Solution to Adobe Reader
Dedicated Contributor 22nd Feb, 2010 13:23
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
@ MaxLV128

You obviously have an informed and logical handle on this problem, and it could well be that the problem may lie within the Secunia programs you`ve used, although Secunia Official seem to think otherwise. You`ll have to wait to see if they come back with another response.

So bearing in mind that knowledge is power, it may be better to content yourself with the fact that as far as you`re concerned your installation of Adobe Reader is secure, despite what the PSI scan results are telling you.

This unfortunately seems to be developing into a situation that is becoming beyond a simple fix, and I`m sure they`re looking into it in Denmark with full attention.

But as past situations have shown, there have historically been more problems with Adobe software than with that from Secunia.

But to the average user, just trying to maintain a secure (as possible) system, the whys and where-forths are possibly irrelevant ; - which brings me back to my initial post at the top of this thread - if, like me, you only need a PDF reader to open the odd document here and there, then maybe its not neceesary to remain loyal to Adobe, and their inherent problems, whatever the root of their cause turns out to be.

TiMow


--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
This user no longer exists RE: Solution to Adobe Reader
Member 22nd Feb, 2010 14:13
Last edited on 22nd Feb, 2010 14:32 MaxLV128

Hi,
@MaxLV128
Turns out there was an include for a certain folder for our rule. This should now have been corrected. Does a rescan show your patched reader installation?
Thank you for pointing this out, we appreciate your work in testing this.

Hope this helps.
Was this reply relevant?
+0
-0
Leendert Kip Solution to Adobe Reader
Member 22nd Feb, 2010 15:19
Score: 65
Posts: 520
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
Last edited on 22nd Feb, 2010 15:22
I can confirm from experience with Foxit Reader for more than 8 months that Foxit is a very good solution. Up to now I didn't have any problem with updating. I only found out that installing the Taskbar, which comes with Foxit, is unnescessary. You can untick the selection before installing. Further you must not install Foxit Phantom. This feature costs 129$! Since using Foxit. I never found a pdf document that could not be read with Foxit.

--
PC: JJ Computer Services
Intel Core I3 2100 3.1Ghz
DDR3 Kingston ValueRam 4GB 1333
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 9
Mozilla Firefox 31NL

Laptop: MSI GT780DX
Intel Core I5-2450
DDR3 RAM 6GB
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 11
Mozilla Firefox 31NL
Was this reply relevant?
+0
-0
MaxLV128 RE: Solution to Adobe Reader
Member 22nd Feb, 2010 18:56
Score: -2
Posts: 17
User Since: 22nd May 2009
System Score: N/A
Location: NZ
on 22nd Feb, 2010 14:13, wrote:
MaxLV128

Hi,
@MaxLV128
Turns out there was an include for a certain folder for our rule. This should now have been corrected. Does a rescan show your patched reader installation?
Thank you for pointing this out, we appreciate your work in testing this.

Hope this helps.


Yes. PSI is now detecting that Adobe Reader in D:\Adobe\Reader is patched (updated) to 9.3.1

Thanks for sorting this out....

PS: Where does PSI store the search rules it uses, and are they 'human readable?'

PPS: Are there any plans to give a future version of PSI the ability to scan over a network?

It would help when users like myself have several computers on a home network look after, to be able to have PSI scan each Computer from one 'administration' computer rather than having to physically go to/logon to each PC on the network to run/check PSI scans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Solution to Adobe Reader
Expert Contributor 22nd Feb, 2010 19:34
Score: 2425
Posts: 3,314
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello TiMow ,

Without going into a long post , Adobe Acrobat/Reader patches quite well and quickly as this time showed , as has happened before , Secunia needed time to update it's rules and had made a mistake over a folder designation . S#$% happens .

Flash is a problem between Adobe and Windows , but even Secunia don't tell you to close the PSI which you have just used to download a "solution" before you "run" it !!

The most frequently used programmes are not strictly the most "vulnerable" but are the most lucratively attacked as they return more (ill) gotten gains .

The title of your thread might read better in the conditional (a "possible/useful ...) so as not to frustrate those "stuck" with Adobe Reader .

Adobe products are all "patched" as of today (at least on my PC:)))

The web is scary enough as it is without any Cassandras .

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
TiMow RE: Solution to Adobe Reader
Dedicated Contributor 23rd Feb, 2010 17:29
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hello Anthony,

Your tact and diplomacy are duly noted.

When I first started coming to the forum with Adobe problems, I soon learnt that the solutions offered by M.J. were beneficial in getting them fixed. I also picked up on his views on all things beginning with "A" and ending in "dobe", and have to a small degree carried them forward, from a users perspective as opposed to a technical one.

I`ve already outlined my reasons for changing, and it appears that some others are of a similar mind.

As I no longer have Reader installed, and don`t use Acrobat, I don`t normally get involved in these problems, or appreciate how easy or quick the fixes usually are. But in this case, I felt obliged to offer an alternative to the many users, who just need a reader for occasional use (I have downloaded several user manuals / instructions, where I no longer have the original physical copy - and it matters not with what I read them - just that I can). For those that may have a more professional requirement, I couldn`t begin to compare the virtues of one over another.

As you`re aware, there are many postings here, that too quickly attribute blame to PSI not instantly offering a fix to their problem (Adobe or otherwise) and often its just a small piece of missing info., and not the program. Not being familiar with some of the more occasional posters, who may have a technical background, it took a few posts to pick up on this, in this case - but for me that`s the principle of a forum - a melting pot of input from all levels of knowledge.

In this instance Secunia (and I) were off the plot a bit.

But I do stand by the title for 2 reasons:

1) For me, it was a solution to change to Foxit from Adobe (actual, not possible);

2) Also, I believe the idea of posting a thread is to reach as many readers as possible for the collective input, and its necessary to catch attention with just a few words.

In this case I think even Apollo would have realised this wasn`t doommongering.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Solution to Adobe Reader
Expert Contributor 23rd Feb, 2010 18:11
Score: 2425
Posts: 3,314
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 23rd Feb, 2010 18:14
Hello TiMow ,

Cassandra used to invite me to visit Apollo in Manchester (when I lived in the UK) where she had front row seats for live music concerts , despite the Dire Straits ahead (also , think Tina Turner or Van Morrison) I was there in a Flash .

No need to Read too much into things , I prefer the conditional to the (non-existent , outside death , taxes and vodka) absolute (think pre-fix "A") ; equally impartial tranquillity to the judgemental .

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
TiMow RE: Solution to Adobe Reader
Dedicated Contributor 23rd Feb, 2010 18:28
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Evening, Anthony,

Good to see you have your poetic head on tonight, as well as your philosophical one (good job I followed your advice for a spell checker on Ff, with that one).

I just needed some typing practice and to try out this this speck cheller.

For a moment I probably thought I was back in Hyde Park.

Wax lyrical.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Solution to Adobe Reader
Expert Contributor 23rd Feb, 2010 21:12
Score: 2425
Posts: 3,314
User Since: 19th Dec 2007
System Score: N/A
Location: N/A


TMoiw ,

Can cofinrm , yuor splecehrlkcer lokos good to my dylxsia .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability