Comments on: Rap Sheets on Top Software Vendors

By: Bill Newhouse

Bill Newhouse — Tue, 21 Dec 2010 20:18:34 +0000

I would be interested in knowing if the awareness of the exploits targeting older versions of Adobe really had an impact on Adobe’s bottom line. They NY Times reports, “Adobe Posts Its First Billion-Dollar Quarter”, http://www.nytimes.com/2010/12/21/technology/21adobe.html?ref=technology.

Would the US be better off if we could devise a cyber economic incentive policy that pushed US companies to develop more secure software?

By: David Ward

David Ward — Fri, 10 Dec 2010 05:04:12 +0000

Isn’t some of the update points mute when it comes to Chrome; Since Chrome updates continiously, includes a pseudo/maybe-real sandboxed PDF viewer and I think probably updates Java as well; And flash components which are particularly sandboxed. I think several of these points were brought up again at the recent Google Announcement about Chrome OS. (See http://www.twit.tv/specials for more info and coverage)

By: KFritz

KFritz — Wed, 08 Dec 2010 21:59:43 +0000

Anyone dealing w/ the Library of Congress Copyright process is forced to use Adobe. I download, install, use, and uninstall it on each occasion, using the Search tool to make sure that our dear fiends @ Adobe (now better than ever with Larry Ellison is in charge!) don’t leave any detritus in the machine.

By: Bill

Bill — Wed, 08 Dec 2010 01:15:51 +0000

Russ, Thanks for the comment. Installed Sumatra today and happy so far (replaced Nuance — I gave up on Adobe long ago). Need to note that I don’t require a lot of resource-intensive functionality.

By: Al Huger

Al Huger — Wed, 08 Dec 2010 00:14:04 +0000

When held in that light Secunia has the same vested interests than Symantec. More so in fact, Secunia makes their living in this space (vulns and their related tech) and it’s nearly all their revenue base. Symantec makes their coin in AV (and storage etc. of course) and accounts for vuln related software on a very, very minimal basis. I personally trust both but if I wanted to be cynical I would pick the one make the least amount of the space. Either way, I think Secunia’s stuff is great, I am not weighting one against the other.

By: TJ

TJ — Wed, 08 Dec 2010 00:05:39 +0000

Al – Your probably right. Fair or not, however, I think more people trust the impartiality of Secunia over Symantec in analyzing this type of vulnerability data. I know I find it hard to read anything published by anti-malware vendors, such as Symantec, where I’m not questioning what the self-serving motivation was.

By: Al Huger

Al Huger — Tue, 07 Dec 2010 20:33:51 +0000

I did not say the ‘sheets’ are not new. I said the data being presented to the public, this exact sort of data, is not new. It does not make it any less valuable, it’s just now new.

By: Phoenix

Phoenix — Tue, 07 Dec 2010 19:41:05 +0000

Secunia says fact sheets are new so I”ll take their word for it.
http://secunia.com/company/blog_news/news/157

By: Al Huger

Al Huger — Tue, 07 Dec 2010 18:07:55 +0000

I am not sure this is new per se. This exact data has been being published in Symantec’s Internet Security Threat Report for years.

By: Russ

Russ — Tue, 07 Dec 2010 17:55:26 +0000

Sure, but even if your default PDF reading app is set to Foxit the possibility exists for exploits to go through Adobe. Just as certain apps I run that open their reports in IE despite my default browser being Firefox, I believe there are ways to force a PDF to open in a specific tool as opposed to the user set default.

Foxit’s nice, but I’ve really taken to Sumatra myself. Very small footprint and very, very snappy.