Software maker Adobe plans to roll out a completely rewritten utility to prod users of its Acrobat and Reader software to stay current with the latest versions and security fixes, a company representative said on Wednesday.
The company has already created the utility, known as the Adobe Acrobat Updater -- or in the case of Adobe Reader, the Adobe Reader Updater -- and has already distributed it to most of its users, but the update server will not be made active until the company's April patch day, said Brad Arkin, the director of product security and privacy for Adobe. A limited number of beta users will use the utility to download updates on Adobe's next major patch day, scheduled for January 12.
While Adobe has completely rewritten the latest updater, the greatest change for users is that the newer software will automatically download and install updates, unless the previous version was set to only download patches manually, Arkin said.
"When we looked from a security perspective, in terms of what are the characteristics of the Reader and Acrobat users who had security problems, almost always they are using an out-of-date version of the program," he said. "So the biggest thing we can do is to keep them up to date with the current version."
Companies are typically slowest to apply patches to fix ubiquitous third-party programs, such as Adobe's Reader and Acrobat software, according to vulnerability scanning firm Qualys. In data released last year, the company found that flaws in Microsoft Office, Sun's Java and Adobe's two programs remain long after the software developer released patches for the issues. On average, half of vulnerabilities in software were patched within 30 days of an update's release, Qualys found.
Adobe plans to gather data on the performance of its new updater utility from its beta testers on January 12. If the process goes well, it will roll out the update to its entire user base in April, Arkin said.
While both Windows users and Mac OS X users will get the update, Mac users will still have to enter their password to install any future updates, as required by the operating system, Arkin said.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos