Is Adobe trying to pull a fast one?

  • Thread starter Thread starter nomadreid
  • Start date Start date
  • Tags Tags
    Pull
Click For Summary
SUMMARY

The latest update for Adobe Flash Player raises significant privacy concerns, particularly regarding its handling of PDF files that can display ads and connect to third-party websites. Users are required to accept automatic updates, which may lead to unwanted changes in their software environment. The discussion highlights the potential security risks associated with PDFs, especially when JavaScript is enabled, and emphasizes the importance of disabling scripting support in Adobe Reader to mitigate these risks. Overall, the community suggests caution regarding updates and the need for users to be proactive in managing their software settings.

PREREQUISITES
  • Understanding of Adobe Flash Player and its updates
  • Familiarity with PDF file functionalities and security implications
  • Knowledge of JavaScript settings in Adobe Reader
  • Experience with custom installations of software to avoid unwanted features
NEXT STEPS
  • Research how to disable JavaScript in Adobe Reader for enhanced security
  • Learn about the privacy implications of using Adobe Flash Player and PDF files
  • Explore the settings in the Java Control Panel to manage updates and features
  • Investigate alternative PDF readers that offer better security controls
USEFUL FOR

Individuals concerned about software privacy and security, particularly those using Adobe products, as well as IT professionals managing software updates and configurations.

nomadreid
Gold Member
Messages
1,762
Reaction score
248
How concerned should I be when the latest update for Adobe Flash Player includes the following paragraph?

"7. Connectivity and Privacy. You acknowledge and agree to the following:
7.1 Use of PDF Files. When you Use the Software to open a PDF file that has been enabled to display
ads, your Computer may connect to a website operated by Adobe, an advertiser, or other third party.
Your Internet Protocol address (“IP Address”) is sent when this happens. The party hosting the site may
use technology to send (or “serve”) advertising or other electronic content that appears in or near the
opened PDF file. The website operator may also ... personalize advertising content. ... Adobe may not have access to or control over features that a third party may use, and the
information practices of third party websites are not covered by the Adobe Online Privacy Policy."

Not to mention that 7.2 makes you accept automatic updates.

For the moment, until someone on this forum can give me a good idea as to how much more spam this will bring me, I will not update. Any help would be appreciated.
 
Computer science news on Phys.org
I wouldn't be all that concerned. Flash is a dying technology anyway. Wouldn't be a big deal not to update. I remember they tried this a few years ago and ended up rolling it back.
 
  • Like
Likes   Reactions: nomadreid
nomadreid said:
When you Use the Software to open a PDF file that has been enabled to display
ads

I didn't know PDF files could display ads and open web pages without me clicking on hyperlinks in them...
 
berkeman said:
I didn't know PDF files could display ads and open web pages without me clicking on hyperlinks in them...
PDFs can do pretty much anything I suspect, unless you disable javascript in the reader. Otherwise they wouldn't be a malware vector.
 
  • Like
Likes   Reactions: jim mcnamara
Wabbit is spot on. PDF's are a security problem, as are any file objects that can support runing vbscript or js when opened. MSWORD, Excel, etc. This warning, or whatever or want to call it, is really Adobe covering their butts for people misusing their product. Originally PDF was a display only format. Then users demanded the ability to "edit" PDF objects. Then more bells and whistles. With that extended ability comes an extended liability.

PS: Your Adobe reader probably can already execute embedded code without the newest update. I first learned about this back in 2010.
http://blog.didierstevens.com/programs/pdf-tools/
 
Agreed. The first thing to do with a reader (for me) is go the the settings and disable scripting support (this can be done easily in adobe reader but scripting is enabled by default). This is very seldom used for useful purposes (mostly forms) but is a very definite security risk. Unfortunately, embedded readers in browsers don't always offer that possibility (I'd be happy to find one that does, actually).
 
  • Like
Likes   Reactions: berkeman
The thing that bothers me is that when downloading an update or a new version of a program I seem to get little surprises along with them. I updated java and all of a sudden a Bing search bar appeared. I updated the mapping program that my local county uses and shazam Google was gone and the Ask bar was there. Neither one could be deleted. I had to set Google as my preferred search engine.
 
edward said:
The thing that bothers me is that when downloading an update or a new version of a program I seem to get little surprises along with them. I updated java and all of a sudden a Bing search bar appeared. I updated the mapping program that my local county uses and shazam Google was gone and the Ask bar was there. Neither one could be deleted. I had to set Google as my preferred search engine.
Java version 8 update 45? I downloaded, and installed, it fine without any Bing search appearing.
 
edward said:
The thing that bothers me is that when downloading an update or a new version of a program I seem to get little surprises along with them. I updated java and all of a sudden a Bing search bar appeared.
This has been a standard "feature" of the Java updates for as long as I remember and is common to lots and lots of programs/updates. Pro tip: always do a "custom" install of every program you ever install so that you can see what else it wants to do that you should know about. You can pretty much always opt not to install the extra carp.
SteveTNZ said:
Java version 8 update 45? I downloaded, and installed, it fine without any Bing search appearing.
The "feature" described by edward can be disabled in the Java Control Panel. Maybe you disabled it long ago and forgot about it:

Java.jpg
 
  • Like
Likes   Reactions: davenn, Borg and edward
  • #10
Are there any downsides to disabling JavaScript in Adobe Acrobat? Will that prevent me from searching for words, or from copying words out of a PDF file to paste into other applications?
 
  • #11
wabbit said:
Agreed. The first thing to do with a reader (for me) is go the the settings and disable scripting support (this can be done easily in adobe reader but scripting is enabled by default). This is very seldom used for useful purposes (mostly forms) but is a very definite security risk. Unfortunately, embedded readers in browsers don't always offer that possibility (I'd be happy to find one that does, actually).
Where do you find settings? My Adobe reader does not see to have one. It has a ton of stuff under preferences but I can't find anything about scripting.
 
  • #12
phinds said:
It has a ton of stuff under preferences but I can't find anything about scripting.
I unchecked this, but I don't know if it's the right deal or not...?
Adobe JavaScript.JPG


 
  • #13
Right, that's what I was referring to - in the preferences, uncheck "Enable Acrobat javascript".
 
  • Like
Likes   Reactions: OCR
  • #14
wabbit said:
Right, that's what I was referring to - in the preferences, uncheck "Enable Acrobat javascript".
Ah, good... thank you, wabbit!
 
  • #15
berkeman said:
Are there any downsides to disabling JavaScript in Adobe Acrobat? Will that prevent me from searching for words, or from copying words out of a PDF file to paste into other applications?
It doesn't disable that for me, but its an easy setting to toggle back on if you find you miss some functionality.

There is an alternative it seems : under "security" and "advanced security" you can play with a number of subtle settings that appear to fine tune which documents you allow to do what - but I don't understand it, it's far too complex for me - the on/off button is all I use. And I use the "off" position only.
 
  • #16
Thanks rabbit. Got it.
 
  • #17
nomadreid said:
Your Internet Protocol address (“IP Address”) is sent when this happens.
The IP Address is always sent as part of any internet request. Otherwise, the receiving server wouldn't know where to send the response.
 
  • #18
russ_watters said:
This has been a standard "feature" of the Java updates for as long as I remember and is common to lots and lots of programs/updates. Pro tip: always do a "custom" install of every program you ever install so that you can see what else it wants to do that you should know about. You can pretty much always opt not to install the extra carp.

The "feature" described by edward can be disabled in the Java Control Panel. Maybe you disabled it long ago and forgot about it:

View attachment 83797

I don't recall going that deep into Java settings -- maybe there was an option in a previous upgrade that I un-ticked that was the same setting. But I checked my settings and that particular setting is un-ticked.
 

Similar threads

What are your thoughts on ipv6?
  • · Replies 5 ·
Replies
5
Views
4K
Understanding DRAM Refresh Operations
  • · Replies 14 ·
Replies
14
Views
5K
Anonimity: Time to take the internet back.
  • · Replies 3 ·
Replies
3
Views
4K
Tesla starts "full self-driving" beta test - follow-up
  • · Replies 22 ·
Replies
22
Views
5K
Why Did Only One Computer Connect to the Network This Morning?
  • · Replies 4 ·
Replies
4
Views
3K
Undergrad New Naming Rules for Exotic Hadrons at the LHC: LHCb Collaboration Paper (2022)
  • · Replies 7 ·
Replies
7
Views
2K
Questions about the operation of this C68MX11 CPU
  • · Replies 7 ·
Replies
7
Views
4K
Is Google Scanning Your Emails Really a Privacy Concern?
  • · Replies 8 ·
Replies
8
Views
4K
Current and Future AI Threats to Humanity and the Human Response
  • · Replies 10 ·
Replies
10
Views
5K
Photon-Foil FTL Drive theory
  • · Replies 8 ·
Replies
8
Views
1K