Adobe Reader vulnerability

Status
Not open for further replies.
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Less installed plugins = Less surface areas of attack from exploits or other vulnerabilities.

Out-dated plugins also increase your risk significantly.

Example:
- Updated Browser 1 with A, B and C plugins.
- Updated Browser 2 with A plugin only.

Browser 2 is less vulnerable to than Browser 1.


Biozfear said:
How exactly would uninstalling unused software/plugins make you safer as I fail to understand that point. I would understand perfectly if you mean makes your computer faster but safer?
Click to expand...
 
Exterminator

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Java aside the problem is that attackers exploit software that is used by a large majority of people worldwide.This doesnt necessarily mean the software is bad or a security risk,again Java aside.If your an attacker exploiting a PDF program what is the point of exploiting ACME Pdf reader.When you can increase your chances with something millions use.
 
P

Plexx

Earth said:
Less installed plugins = Less surface areas of attack from exploits or other vulnerabilities.

Out-dated plugins also increase your risk significantly.

Example:
- Updated Browser 1 with A, B and C plugins.
- Updated Browser 2 with A plugin only.

Browser 2 is less vulnerable to than Browser 1.
Click to expand...

Yeah that makes sense if the user Uses the browser with plugins. If the Browser is unused, then there is no risk compared to if it was used. At least is how I understand.

But mixing the "idea" of software/plugins example by Bo with Adobe Reader in this particular case makes no sense.

I thought I have misunderstood the report on the vulnerability, but exterminator has cleared it up for me.
 
R

Ramblin

Level 3
May 14, 2011
1,014
Reading this two articles give a good idea why is a smart practice to get rid of plugins that we don't use. In case anybody thinks that Java is the only plugin that gets exploited, the articles are about Quicktime.

http://laws.qualys.com/2012/05/apple-security-update-fixing-q.html

http://voices.washingtonpost.com/securityfix/2007/11/exploit_released_for_unpatched_3.html

illumination said:
If we were to uninstall everything that has had or has a chance of vulnerabilities/having a vulnerability, we would never make it to the internet, instead we would be staring a the pretty blank/black screen of a computer not running ;) :D
Click to expand...

Illumination, the above is a myth. I learned that four years ago when I got rid of Java and most of the plugins that were installed in my computer at the time and saw that I was able to do everything that I usually do. If you don't try it, you ll never know.

Everybody should have an strategy on how to remain clean. Mine is very simple. uninstalling unnecessary programs, plugins, etc and only installing whats necessary is part of mine. The reason: Its explained in the first line of Earths post.

If anybody thinks that an updated plugin is safe, its wrong. There is always a hole that someone knows about it or is about to be discovered, exploited and patched afterward.

Bo
 
I

illumination

bo.elam said:
Reading this two articles give a good idea why is a smart practice to get rid of plugins that we don't use. In case anybody thinks that Java is the only plugin that gets exploited, the articles are about Quicktime.

http://laws.qualys.com/2012/05/apple-security-update-fixing-q.html

http://voices.washingtonpost.com/securityfix/2007/11/exploit_released_for_unpatched_3.html

illumination said:
If we were to uninstall everything that has had or has a chance of vulnerabilities/having a vulnerability, we would never make it to the internet, instead we would be staring a the pretty blank/black screen of a computer not running ;) :D
Click to expand...

Illumination, the above is a myth. I learned that four years ago when I got rid of Java and most of the plugins that were installed in my computer at the time and saw that I was able to do everything that I usually do. If you don't try it, you ll never know.

Everybody should have an strategy on how to remain clean. Mine is very simple. uninstalling unnecessary programs, plugins, etc and only installing whats necessary is part of mine. The reason: Its explained in the first line of Earths post.

If anybody thinks that an updated plugin is safe, its wrong. There is always a hole that someone knows about it or is about to be discovered, exploited and patched afterward.

Bo
Click to expand...

I was just trying to inject some humor into the thread, seems it needed it there for a minute. Although with this humor does come some truth, as there is vulnerabilities in just about everything we use now days. You are correct that updated plugins may not save the computer from those said vulnerabilities, but a completely updated system/internet security will surely lower the risk. We all know nothing is 100%.. I do agree if your not going to use it, you might as well not have it on the system. I do not agree that every time one of these articles pops up stating there is a vulnerability about, we should run and uninstall the effected program, especially if we use that program, even if just every once in a while.
 
R

Ramblin

Level 3
May 14, 2011
1,014
If we use the program, we should keep the program, that's what you are saying above and I agree. I always say, uninstall if its not needed.

In my opinion, the rule of thumb is simple, I need the program, I keep it. For example, Flash is exploited all the time and I don't uninstall it because I use it. The reason to uninstall is not the exploit but whether we use the program/plugin or not. That is what makes me install/keep a program or not.

Illumination, the feeling that I got the day that I cleaned my browsers of 13 plugins or Actives X is indescribable, up to that day, I thought those plugins came with the browser and they don't. If I uninstall Flash and do a clean install of Firefox, my plugin list shows nothing. I am a lot safer by having nothing show up in that list than by having 13 things that I didn't even know how they got there.

By the way, learning about Java and plugins were the first steps that I took regarding learning about computer security. I spend about a month just learning about this things.

Let me tell you something else, I m no computer guy but I learned to be safe without using antiviruses or other traditional programs, like Firewalls, doing it instead by using common sense, NoScript and Sandboxie.

You know, people talk about common sense all the time but is basically talk only. You ll never read me talking about common sense but I use it 100% of the time while using a computer.

Getting rid of unnecessary software and only installing whats necessary makes sense.

Bo
 
Status
Not open for further replies.

Similar threads

silversurfer
    • Like
    • +Reputation
CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability
Replies
0
Views
1,097
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • +Reputation
Security News The February 2024 Security Update Review
Replies
3
Views
980
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
The April 2023 Security Update Review
Replies
2
Views
1,317
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top