January 13, 2010

Microsoft and Adobe Systems each issued security updates on Tuesday. Redmond released a single patch to plug a flaw that’s not terribly scary, unless you happen to be running Windows 2000. Adobe’s patch bundle, however, covers at least eight critical security flaws, including one that hackers have been exploiting in targeted attacks of late.

The Adobe update, available from this link, brings Acrobat and Reader installations to version 9.3. Updates are available for Windows, Mac and UNIX systems. Adobe has special instructions here for those who cannot for whatever reasons upgrade and need to stick with the 8.x version of these programs.

Adobe was one of those programs that I nixed from most of my Windows systems a while ago, and I’ve never looked back (QuickTime and Java were the others). I’ve been using the free Foxit Reader on all of the Windows systems that I manage, and have been quite pleased with it. Your mileage may vary.

Microsoft pushed out a single new patch that plugs a flaw in the way Windows processes certain types of fonts. Redmond gave the bug a “low” severity rating for every supported version of Windows except Windows 2000, for which it assigned the flaw a “critical” rating (critical flaws can be exploited by malware or hackers without any action by the user, save for visiting a Web site maybe). The patch is available through Windows Update or via Automatic Updates.

As always, please drop a note in the comments with your two cents, and let us know if you experienced any problems, oddities or frustrations installing either of these updates.


21 thoughts on “Microsoft, Adobe Issue Security Updates”

  1. John O'Brien

    You write that you no longer use “Java.” What has replaced that? Never read anything about an alternative. Thanks. KUGW. (Keep Up the Good Work.)

    1. BrianKrebs Post author

      Hi John. Nothing. I simply have not had the need to use Java. Plenty of applications require it, but I guess I’m not using those apps either. Again, YMMV.

      1. John Cali

        Hi Brian,

        I quit using Java long ago after reading one of your Washington Post columns about it. Like you, I haven’t missed it and — apparently — don’t use any sites that require it.

        Thanks for all you do!

        John

      2. Keith Warner

        Thanks, Brian. Once in the last five years has JAVA been useful. In a trouble call to Verizon, the sweetheart in India used it to “drive the bus” around my system to get my wireless running.

  2. Rick

    Brian, Thanks for your invaluable work. I follow your dispatches regularly.

    Request: I have banished Adobe as well (in favor of Sumatra) but not Quicktime or Java, as you have. Would you give your thinking about those?

    1. BrianKrebs Post author

      It’s probably not entirely fair of me to bash Java and QT, because their patching process and software itself have gotten less obnoxious over the years. But QT still tries to add itself to startup options all over the system, change file types, etc. Trouble is, if you use iTunes, it can be really hard to keep it up to date without also installing QT. There is an iTunes-only installer, but it’s not typically available at the same time as the regular iTunes updates.

      My big problem with Java in the past has been that they had a total disregard for end users, and focused their update process mainly on business/enterprise users. Consequently, for years and years Sun would leave dozens of copies of 100MB installations of Java on your system long after you upgraded. Sometimes, the vulnerabilities in older versions could be invoked even though that older version wasn’t set as the default anymore. Again, Sun has fixed that particular problem, but as I said it was one of those things where I just got tired of dealing with the craziness and decided I could live without Java. But there aren’t any alternatives to Java that I know of (please someone correct me if I am wrong here).

  3. JohnJ

    I still use (the latest) Adobe Reader, but am going to keep its Java option turned off. It’s apparently not needed for the type of *.pdf document that I read.

  4. Toddzilla

    I, too, use Foxit and love it. It loads much faster than Adobe Reader. I require Java for multiple development apps (including Eclipse), but I do disable Java in all my web browsers as a precaution. I also went back and scrubbed older versions a while back. The Java updater no longer leaves the previous version behind when you update.

  5. Hemisphire

    You can also update Acrobat from within by going to Help -> Check For Updates.

    1. BrianKrebs Post author

      Hemisphire — And when you do that today with 9.2.x, does it tell you that 9.3 is available for download and install?

    1. BrianKrebs Post author

      I have iTunes + QT on a server dedicated to several functions, one of which includes connecting my iPhone and managing my music. It’s not a server I use to do much else though.

  6. JBV

    Brian:

    Many thanks for continuing to post security updates.

    Yes, when you go to “check for updates” in 9.2.x, it does tell you that 9.3 is available. The download takes 10 minutes, even with DSL.

    Re: Java – it’s a must-have, if one does the NYTimes crossword puzzles online.

  7. Bart

    A decade or more ago I changed from Netscape to Opera, which installed with Java disabled. I never did find a reason to enable it. It is used by gamers?

    Opera allows me to turn off JavaScript for individual web sites, which I appreciate.

    I use and like Foxit but am confused by the way it tries to update.

  8. SPW

    Java never caught on like Sun expected. I program in Java, but not for client-side apps. I use a number of Java apps on my desktop. You can’t avoid them if you’re involved with Semantic Web technologies. But I think you’re right that the average web surfer could ignore Java.

    Some of the Java apps I use are even tied to specific Java versions. I’m therefore grateful Sun didn’t automatically remove old versions. But I sure agree that it clutters one’s computer. And I’d still have lots of versions I didn’t need if I didn’t do some sysadmin on my own.

    Keep fighting the good fight!

  9. jo kerr

    For Linux, there is a Java alternative called OpenJDK, which is an open source version of Java; however, is it safer than Java? I have not read anything about that.

  10. xAdmin

    On my personal systems, I’ve long ago tossed Java to the curb along with Adobe, Quicktime and Real Player. Therefore, I refuse to use iTunes or for that matter any Apple product (that’s a different story for another time). Unfortunately, at work they use Java extensively with many in-house developed server systems and end user applications. Not a day goes by where we have a server crash with heap dumps because of Java, which causes major outages. Not to mention all the various end user issues we have to deal with when Java misbehaves. Then there are the issues where certain applications only work with certain versions of Java. It’s a mess to say the least. Thus, I loathe Java. And that’s not even beginning to deal with the security implications it brings.

  11. xAdmin

    Meant to say, “Not a day goes by where we DON’T have a server crash with heap dumps because of Java”.

  12. r_m_l

    You can also hit Ctrl+K, go to Security (Enhanced) and check Enhanced Security. That will disable JavaScript _that writes to your c: drive or tries to access an external website_. Other JavaScript will be allowed to run.

  13. Peg

    I don’t let anything Adobe on any of my computers, and VLC has met all my player needs for a while, but life would be way too rough without my TiddlyWikis, so JavaScript remains a necessity (though I keep that puppy on a short leash). :-/
