Adobe Download Manager Installing Software Without Consent 98
"Not all is worth cheering about as Adobe turns 20," writes reader adeelarshad82, who excerpts from a story at PC Magazine's Security Watch: "Researcher Aviv Raff has found a problem in ADM (Adobe Download Manager) and the method through which it is delivered from adobe.com. The net effect of the problem is that a user can be tricked into downloading and installing software using ADM without actual consent. Tonight Adobe acknowledged the report and said they were working on the issue with Raff and NOS Microsystems, the company that wrote ADM."
Bonjour (Score:5, Informative)
Bonjour [wikipedia.org] is just as bad. It scans your LAN constantly, takes A LOT resources and provides nothing good. And it's installed without asking you along any Adobe product.
Re:Bonjour (Score:4, Interesting)
When you install a piece of software you should be warned of hitchhikers and be given the option to not install.
Bonjour is packaged with a few pieces of useless trash now.
Re:Bonjour (Score:5, Insightful)
It may have something to do with (1) sometimes posting worthwhile comments and (2) not being a vulgar idiot.
Please consider doing either or both in the future.
Re: (Score:2, Insightful)
Re: (Score:2)
OK, let's just get this straight here: some people do not like Apple (myself included) and in general negative Apple comments on Slashdot do get modded down regardless of how true they are.
Funny, I've made a number of (mildly) anti-Apple comments over the years, and very few have got any negative mods at all. Of course, most of them have been along the lines of stating simple facts about specific things that don't work well, or which are implemented somewhat better in other systems.
A lot of them have been
Re: (Score:2)
Bonjour is an integral part of iTunes and Mac OS X. It does things like automatically discover people on your network sharing their music with you (from either Linux, Mac or Windows), it automatically discovers other services like Apache webservers, printers, configuration pages, iPhone/iPod's for remote control of your iTunes library, AppleTV's and a bunch of other services that are available over Bonjour.
Microsoft bundles their operating system with the exact same functionality, just based on a non-open s
Re:Bonjour (Score:5, Insightful)
Re: (Score:2)
I have opted out of Safari and it doesn't get selected each time. But I have gotten tired of the tens of MB installs of iTunes/Quicktime that I've switched to Foobar 2000 and Quicktime Alternative. I stopped upgrading iTunes/Quicktime when the bundle was 70+MB but now it is 100+ which is ridiculous.
As far as Adobe Download Manager, I have removed Acrobat Reader and replaced it with PDF XChange (Portable) Reader.
Re: (Score:2, Troll)
Re: (Score:1)
Whether the two companies can really be lumped together is up for debate, but they frequently provide a slick application that works very well. Most of the automatic updates improve security and reduce bugs.
It is good to be aware that many successful commercial ventures do take this approach, and it is even better when we keep them honest about it. How many of us really want to give up on all products from either of these two companies?
Re: (Score:1)
Anyway, your question seems like a great slash poll. I for one would love to never have to touch a computer with software by either company on it again.
Re: (Score:1)
I don't actually want the parent to my post modded that way.
Re: (Score:2)
Re:Bonjour (Score:5, Informative)
To be fair to Apple, they only did that the one time - and learnt their lesson *really* quickly! Now it shows up in Apple Software Update, but un-ticked.
Which is fine by me, as I don't have any need for Safari. Already have Firefox for day-to-day browsing, Chrome for testing, and IE for just remote access to work.
-MT.
Re: (Score:2)
Ah, I'm on Windows. Guess it's OK if it's on their 'turf', so to speak. Sorry, dude.
-MT.
Re: (Score:2)
But not enough to stop using iTunes it would seem.
Re: (Score:1)
Sounds like you're voting with your wallet...
Re: (Score:1)
Re: (Score:1, Offtopic)
Re:Bonjour (Score:4, Informative)
Re: (Score:2, Redundant)
Re: (Score:2)
All fine in that case, but I would never put iTunes on my computer, but still I've had it for long time before I few weeks ago had to hack it away.
Re: (Score:1)
Other apps use and install the Bonjour service.
From Wikipedia [wikipedia.org]:
Bonjour is a general method to discover services on a local area network. It is widely used throughout Mac OS X and allows users to set up a network without any configuration. Currently it is used by Mac OS X and on other operating systems to find printers and file-sharing servers. It is also used by iTunes to find shared music, iPhoto to find shared photos, iChat, Adobe Systems Creative Suite 3, Proteus, Adium, Fire, Pidgin, Skype, Vine Server, Elgato EyeTV to share local recordings with multiple clients, the Gizmo5 to find other users on the local network, TiVo Desktop to find digital video recorders and shared media libraries, SubEthaEdit and e to find document collaborators, Contactizer to find and share contacts, tasks, and events information, and OmniFocus to synchronize projects and tasks across the Mac desktop and the iPhone or iPod touch. It is used by Safari to find local web servers and configuration pages for local devices, and by Asterisk to advertise telephone services along with configuration parameters to VoIP phones and dialers. Software such as Bonjour Browser or iStumbler, both for Mac OS X, or Zeroconf Neighborhood Explorer for Windows, can be used to view all services declared by these applications. Apple's "Remote" application for iPhone and iPod Touch also uses Bonjour to establish connection to iTunes libraries via Wi-Fi.[2]
Re: (Score:2)
Do those Adobe products depend on Bonjour to work?
Can you uninstall Bonjour without losing functionality? How?
Disable (Score:5, Informative)
Re: (Score:1)
Parent, link is just some un-useful text, then this link:
http://kb2.adobe.com/cps/404/kb404813.html [adobe.com]
Just follow this link instead.
Re: (Score:2)
Google "block adobe hosts file" for more useful info.
Re: (Score:1)
How about just posting the link to the adobe kb instead?
http://kb2.adobe.com/cps/404/kb404813.html [adobe.com]
Re: (Score:2)
Free software (Score:1, Funny)
Recently, I found a design flaw on Adobe’s website, which allows the abuse of the Adobe Download Manager to force the automatic installation of Adobe products, as well as other software products (e.g. Google Toolbar).
Anyway to get them for "force" a free download of PhotoShop?
Re:Free software (Score:5, Informative)
"Anyway to get them for "force" a free download of PhotoShop?"
No, but blocking the proper entries in your hosts file as someone might do who didn't want Adobe warez "phoning home" would take care of unwanted "updates" nicely.
Re: (Score:2)
How about a malware writer moding your host file so that when the Adobe warez phones home it gets something quite different?
I know we think of computer users as dumb. But must we have our "trusted vendors" also assume that all users are too dumb to trust with a decision about when and where you want to get your software from?
It's not like Microsoft and Adobe have sterling records for keeping our system secure or anything.
No surprise there.... (Score:5, Insightful)
Re:No surprise there.... (Score:5, Insightful)
I not only distrust download managers, I don't see the fucking point. To my mind, the only reason any of these guys make them is so they can make back doors to stuff what you don't want with what you do. Naturally these download managers have the potential of being abused either by the company or by some third party exploiting them.
If I can't download the thing through FTP, HTTP or bittorrent, I'm not interested, period. There's no technical reason for download managers, and thus any company that uses them has some nefarious goal in mind.
Re: (Score:1)
Re:No surprise there.... (Score:5, Insightful)
I can explain the point to you:
See, Linux/BSD systems have this nice thing called a ‘package manager”. And since all software is free, you essentially have a nice “app store”-like interface, where you can install everything (out of currently over 13,000 packages here on Gentoo) you like.
Then when you want to update things, you can just call one global update program, and be done with it. Everything that has an update available, will be updated. With tons of options on what you want to block, what you want to allow despite it being marked as unstable, etc, etc, etc.
After a while, when your rule set is stabilizing, and you routinely do those updates, you start to feel the natural need to automate it. (Unfortunately, most Windows users lack that need, since they are trained to use a PC like an appliance.) So you automate it.
Now of course, big companies get all wet or stiff down there, when they see such a system. But since there is no such thing for Windows, they try to imitate it with such a download manager. Badly.
But since everyone rolls his own thing, does not give you any control, and they don’t understand all aspects of package management anyway, you get a mess of tons of stupid background processes doing stupid (and sometimes useful) things without asking you.
This is a opportunity that Microsoft clearly missed. Sure, they have Windows Update, which is not that bad and does the job for Windows itself, plus some drivers. But they should have offered a real package manager, and allow others to integrate into it. That would have given them big plus points from companies and users.
And now we’re in the mess. :)
But hey: You can still make some room and install a beginner-friendly Linux distribution, to go to, when you start pulling hairs again.
Re: (Score:2)
This is a opportunity that Microsoft clearly missed. Sure, they have Windows Update, which is not that bad and does the job for Windows itself, plus some drivers. But they should have offered a real package manager, and allow others to integrate into it. That would have given them big plus points from companies and users.
I don't see what is stopping them now. It's not like someone else has cornered the market on package management on Windows; even Apple has neglected this feature on their own OS.
If and when Microsoft finally gets around to this I fully expect other software publishers will fall into line and use the new service.
Re: (Score:3, Insightful)
Re: (Score:2)
I don't use it for that because I like my computer to work fine without bluescreens and flakiness.
I doubt it is a good idea for Microsoft to start pushing that update system as a mainstream method of updating non-Microsoft software for Windows. Microsoft is a convicted monopolist, so taking such a direction so soon would create more problems for them.
Re: (Score:2)
> This is a opportunity that Microsoft clearly missed. Sure, they have Windows Update, which is not that bad and does the job for Windows itself, plus some drivers.
How do you conclude that it is "not that bad"? The idea is fine, but the implementation is one of the worst things Microsoft has delivered, and certainly the worst implementation that is widely used (due to a lack of alternatives).
Re: (Score:2)
Simple: It does in fact update Windows. Even automatically. And bad patches are not the update system’s fault.
So it is better than having nothing at all. And does its job.
That’s not that bad, is it?
Re: (Score:2)
And since all software is free, you essentially have a nice "app store"-like interface, where you can install everything (out of currently over 13,000 packages here on Gentoo) you like
not quite everything written for Linux is free and not quite everything will be in every repository.
or in the same state in every repository.
and while Windows doesn't have a universal repository - there are many mega-mall Windows "app stores" like Download.com.
Re: (Score:2)
IMO, Windows won't ever have this.
It could have the technical part of it - package manager, repository, etc.
But where Linux wins massively is that the package manager system serves exclusively the needs of the user. It doesn't try to push crap like toolbars on you with every new application. It doesn't install spyware. It doesn't try to get you to "Try this new cool thing we made!". It doesn't install applications that do underhanded things - if one slipped through the distribution would remove it. It won't
Re: (Score:2)
Only because there's no money in it. Believe me, as soon as there were millions of naive users getting applications from some package manager, the Comet Cursors of the world won't be far behind.
Re: (Score:2)
There's no technical reason for download managers
Unless you are unfortunate enough to have slow and/or unreliable internet.
Re: (Score:2)
Re: (Score:3, Interesting)
Conversely, they know that a major subset of their users are like my father.
When Itunes wants to be updated, it says, "Hey! Update me!". My father says OK, and a browser opens. He has to find the download link (took him a while to realize that was what needed doing). Then, he has to save it locally. Then, he has to FIND the file and actually run it. Some users think that after they've downloaded it, it's installed - whoops. If they do actually think they need to run it, sometimes they have a hard time
Re: (Score:2)
I'm not sure if this applies to all download managers, but speaking specifically of the Adobe one, the reason they pressure you into using it, and make it more difficult to find the direct HTTP-link, is because it uses P2P technology from Akamai to spread out the bandwidth cost among all the people downloading.
Re:No surprise there.... (Score:5, Insightful)
If I can't download the thing through FTP, HTTP or bittorrent, I'm not interested, period.
You aren't the market. The non technical end user is the market. The user who isn't even aware that his PC has an FTP client - and won't install one short of being forced to do so at gun point. The geek lost this battle along about AOL 3.0 for Windows.
Re: (Score:1)
Re: (Score:1, Informative)
I work at Adobe and from what I've heard, the reason we use this is that many browsers simply aren't reliable when downloading huge files over HTTP or FTP. Firefox has always seemed decent at it to me, but apparently there are enough out there that can't handle downloading all of Creative Suite... Maybe we will phase it out as newer browsers start to dominate the marketshare.
As for Bittorrent, that's probably asking for too much from many artist-types -- not to mention many IT policies block all "file sha
Re: (Score:1)
Download managers had one real benefit some time ago, which has since expired as we moved on to broadband: resumable downloads, for those often times when your analog modem or ISP dropped the connection. This was handy when downloading large (for the day) files over unreliable connections that could drop if your cat sneezed.
I avoid DLM's as much as possible. Give me an http or ftp or torrent anyday over a DLM. In fact, I will avoid any software that requires use of a DLM to install or keep it updated.
They a
Re: (Score:2)
Maybe our terminology is a little incompatible here. But apt-get is a download manager is it not? It and the rest of its cousins common in linux are quite easy and useful.
Re: (Score:2, Informative)
No apt-get (or aptitude as you should use) is a package manager. Stuff Adobe gives you, or whatever iTunes installs, or any Windows updater for non-OS software are download managers.
Go download some drivers at Dell. It will ask you to install a download manager for its drivers. What for? That's a download manager to me.
Re: (Score:2)
Re: (Score:2)
Maybe our terminology is a little incompatible here. But apt-get is a download manager is it not?
No, it is not. apt-get is a package manager; it uses a download manager called wget to fetch files which it then passes to dpkg for installation. wget has an enormous feature set not utilized by apt-get, which is a stupid name. It should have simply been called apt. Of course, aptitude is better anyway...
Re: (Score:2)
Re: (Score:2)
They mail you a USB stick in the post ?
They transmit the bits via semaphore ?
I'm intrigued with this internet-less upgrade method you described.
Re: (Score:2)
Re: (Score:2)
Back in the dialup days I used something called Getright frequently. When a file took days to download and your connection was unstable... they had their use. Nowdays, not so much.
Re: (Score:2)
Oh yah, there was also this program called WebWhacker which was like wget -r for windows (hmm looks like it's still around and selling for USD49.95).
DLM? No thank you (Score:5, Informative)
I've always distrusted Adobe simply for pushing the Google Toolbar, or these days McAfee. An easy way to get Reader or Flash without getting stuck with their stupid and unnecessary DLM is to cancel the first download, and then "click here if your download doesn't start". That way you only get the installer you wanted, not all the other crap they're trying to push on you.
Re: (Score:2)
I agree. Why the hell am I prompted to install some freaking Firefox addon just to download Adobe Flash? Ridiculous.
Re: (Score:3, Insightful)
Ironically, the first time I tried DLM, it didn't work. So now I know to bypass that and hit the direct download link instead for what I can there for.
-MT.
Re: (Score:2)
I haven't bought anything by Adobe ever since I bought one of their cars [jt.org]. Oh, sure, you fix the dents yourself.. until it cures!!! Then good luck reshaping your new brick.
Re: (Score:2)
I use filehippo.com to skip all that crap, all the apps in one place... like yahoo messenger, google earth and a few other apps I need to get fast without browsing through 10 pages to get to a damn download manager. They have annoying adds, but it's OK if you use add-block.
A minor nit (Score:5, Informative)
Adobe is about 28 this year. It's Photoshop that is 20.
Re: (Score:2)
So one year, and that Gimp can legally fuck Photoshop? Or what are the laws over there? ^^
Re: (Score:1)
You know what would have been funny? If GIMP had been named ImageStore.
Consider using Google Pack (w updater) (Score:1)
Google Pack not cool, Firefox Check for Updates is (Score:3, Insightful)
When I tried Google Pack I found it didn't bundle the latest versions of the software it installs, so several immediately had to download additional updates!
At one point my Windows PC had 7 different update programs running [skierpage.com]: Adobe Acrobat updater, Apple Updater, Flash updater, GoogleUpdate.exe and GoogleUpdaterService.exe, Java update (jusched.exe?), LavaSoft Ad-Aware updater, Symantec LiveUpdate (AluSchedulerSvc.exe?), ThinkVantage updater, Windows update. And that's after I turned off several others in M
Re: (Score:2)
limited access and Firefox Check for Updates (Score:2)
That sounds as expected to me. If you have limited rights you can't install or update software, unless you installed it in your own directory.
Anyway, the bugs are filed and Mozilla is working on making it better, see the comments from Robert S. in the thread http://forums.mozillazine.org/viewtopic.php?f=9&t=1587505 [mozillazine.org]
Adobe also uses Akamai Download Manager (Score:5, Interesting)
That's two strikes now for Adobe. As TFA says, Adobe also uses the Akamai Download Manager [adobe.com] for downloads from the Adobe Store. This thing installs itself and runs *forever*, not just for the download you paid for in the store.
It has a P2P mode where client machines (that's *you*, sucker) distribute the downloaded software using your bandwidth in the background. Is there an icon in the taskbar letting you know? Nope, it runs silent and deep (it does show up as Akamai something-or-other in Process Explorer).
It's like running BitTorrent and donating your bandwidth to Akamai and their friends. Except not on purpose.
But hey, you probably clicked through a EULA that you didn't read, so it's all on you right?
Adobe is not 20 years old (Score:1, Redundant)
"Not all is worth cheering about as Adobe turns 20,"
Photoshop is turning 20 this month, not Adobe, which was founded in 1982.
The Tragedy of Adobe (Score:3, Informative)
Instead of getting off my lawn, sit down and I'll tell you kids a story: In the Good ole days Adobe and it's founder John Warnock (or Warnock's Algorithm fame) were heroes. At the time most of us had ugly dot matrix printers and fixed fonts, they came up with the PostScript printer description language and many beautiful fonts. Buy a Postscript printer and you could print beautiful documents previously only typesetters could. When Apple licensed it for their laser printer desktop publishing took off. Warnock cared about beautiful fonts. Postscript was a full-blown programming language, yet a very efficient one. PDF itself *is* Postscript, just encapsulated in a file.
But Adobe then isn't Adobe now. Their Adobe Reader is an appalling, fat, unresponsive hard to drive piece of software. Ever configured options? There are twenty off preference pages with no coherent grouping. They still haven't grasped things like reopening the document where you last were reading it, or letting you add bookmarks. Instead they've loaded Adobe with a tonne of "features" to the point it's now a trojan horse vector. The company itself is no longer a source of innovation: Instead they just buy out other companies (like Macromedia Flash) and then run them into the ground. Their software uniformly suffers from appalling GUIs (or if it doesn't when they buy it, they shortly will) e.g. Photoshop, but when you're that big you can afford to be that arrogant. People will buy your software anyway, because they don't have a choice.
Yes, there are some PDF Reader imitators like Foxit Software. While they're much faster, they have copied the Adobe interface instead of themselves innovating.
The Adobe Updater is an intrusive pain in the ass. In a previous version, you had to connect to the net and then connect to Adobe to turn off the Updater. This was "free" software, so this wasn't for licensing: It was just lame in-your-face programming by lame programmers. If you try and deleted the Updater yourself, it reinstalled itself. In the end I found out if you deleted it (in your Program Files directory) and then replace plain files with directories and directories with plain files so when it goes try and reinstall itself Windows tells it to get lost.
Re: (Score:2)
Sadly, Adobe has turned into Symantec. A once-innovative software company now being plundered by MBA/PHB/Marketroid types only looking for short-term profit. Things will only reach a turning point once corporate IT departments stop installing Acrobat Reader and Adobe is forced by the market to innovate again.
Adobe Reader 9 Installer (Score:3, Insightful)
Re: (Score:2)
You most certainly can get rid of that monster. Go get Sumatra PDF [kowalczyk.info]. 1.2 MB of joy.
Re: (Score:2)
I wouldn't recommend summatra pdf :(. It's slow and sometimes it has problems displaying some .pdfs. Foxit reader is kind of annoying in so many ways... there must be a better reader somewhere.
Too common. (Score:2)
This stealthy downloading & installation is becoming very common even by well known companies, Safari constantly attempts a stealthy install of iTunes.