A combination of factors have obligated me to "upgrade" from Acrobat 4.x to Acrobat 7.0.7 on Windows. I note the presence of the mysterious Adobelm_Cleanup.0001 and Adobelmsvc.exe services in the system. Does this mean that the Acrobat installer has secretly written to my disk drive without telling me, in the same rootkit-style way that CS products do?
Also, I now have Acrobat 4.x and Acrobat 7.x both installed on the machine and running independently. Am I correct in assuming that I can uninstall 4.x once I've tested everything out without breaking anything on the machine? I purchases Acrobat 7.x as an upgrade, but I don't know how it verifies the presence of 4.x (since 4.x was already on the machine, I guess it probably took note of its presence--but if I ever need to reinstall ...).
-- Transpose mxsmanic and gmail to reach me by e-mail.
(1) Adobe does nothing to "corrupt your disk drive" and for that matter, no other Adobe application does anything to corrupt your disk drive. And Adobe applies no "rootkits" to your system. Where did you get that misinformation from? The filenames you cite are related to product activation, but said product activation does not use any "rootkit" nor does it corrupt your disk. You may not "like" product activation, but please don't distort what is actually done with it.
(2) Adobe strongly recommends that you not attempt to have multiple versions of Acrobat and/or any combinations of Adobe Acrobat and Adobe Reader concurrently installed. Although it is physically possible to do this, the fact is that because they have interactions with browsers, printer ports, and PostScript driver plug-ins, mulitple versions can and will interfere with each other. Usually, but not always, the last software installed "wins" so to speak. To "clean" your system, I would first de-activate Acrobat 7, uninstall Acrobat 7, uninstall Acrobat4, uninstall any and all versions of "Reader" and then reinstall and reactivate Acrobat 7.
Mxsmanic wrote: > A combination of factors have obligated me to "upgrade" from Acrobat > 4.x to Acrobat 7.0.7 on Windows. I note the presence of the > mysterious Adobelm_Cleanup.0001 and Adobelmsvc.exe services in the > system. Does this mean that the Acrobat installer has secretly > written to my disk drive without telling me, in the same rootkit-style > way that CS products do?
> Also, I now have Acrobat 4.x and Acrobat 7.x both installed on the > machine and running independently. Am I correct in assuming that I > can uninstall 4.x once I've tested everything out without breaking > anything on the machine? I purchases Acrobat 7.x as an upgrade, but I > don't know how it verifies the presence of 4.x (since 4.x was already > on the machine, I guess it probably took note of its presence--but if > I ever need to reinstall ...).
> -- > Transpose mxsmanic and gmail to reach me by e-mail.
Dov Isaacs writes: > (1) Adobe does nothing to "corrupt your disk drive" and for that > matter, no other Adobe application does anything to corrupt your disk > drive. And Adobe applies no "rootkits" to your system. Where did you > get that misinformation from?
It's not misinformation. Adobe CS products use a variation of the Macrovision SafeCast system, which does direct physical writes to specific sectors on your hard drive, bypassing the security of Windows and compromising system security. I believe it writes directly to physical sector 32, which nobody is supposed to touch (not even Adobe).
> The filenames you cite are related to > product activation, but said product activation does not use any > "rootkit" nor does it corrupt your disk.
See above. This was all discussed when the first rootkit versions of Adobe products came out (CS versions for Windows), but I guess people have short memories, or they don't care what software does behind their backs.
> You may not "like" product activation, but please don't distort > what is actually done with it.
If it doesn't work as above, then describe exactly what it is doing.
> (2) Adobe strongly recommends that you not attempt to have multiple > versions of Acrobat and/or any combinations of Adobe Acrobat and Adobe > Reader concurrently installed. Although it is physically possible to do > this, the fact is that because they have interactions with browsers, > printer ports, and PostScript driver plug-ins, mulitple versions can > and will interfere with each other. Usually, but not always, the last > software installed "wins" so to speak. To "clean" your system, I would > first de-activate Acrobat 7, uninstall Acrobat 7, uninstall Acrobat4, > uninstall any and all versions of "Reader" and then reinstall and > reactivate Acrobat 7.
Acrobat said nothing about this at installation time, and in fact the EULA says that I can keep both versions on the machine while I transition from one to the other.
I need to know _specifically_ what will interfere with what; I cannot just install and deinstall in some helter-skelter way on the assumption that everything will turn out right. The system seems stable now, but I am wondering if it will remain so if I remove Acrobat 4.x.
Note that the products are installed into separate directories on the system.
-- Transpose mxsmanic and gmail to reach me by e-mail.
In article <1d9nv1dghmotcqbcamgfmg87kqkke4a...@4ax.com>, Mxsmanic
<mxsma...@gmail.com> wrote: > It's not misinformation. Adobe CS products use a variation of the > Macrovision SafeCast system, which does direct physical writes to > specific sectors on your hard drive, bypassing the security of Windows > and compromising system security. I believe it writes directly to > physical sector 32, which nobody is supposed to touch (not even > Adobe).
It's been demonstrated on the Mac that it writes to system sound files.
-- Do the right thing. It will gratify some people and astonish the rest. - Mark Twain.
No "rootkit" has ever been installed by Adobe software. Yes, the activation facility of Adobe's software, similar to that of Microsoft and other software vendors, does put information in otherwise non-accessible disk sectors, but that (a) is not what a "rootkit" is (you obviously don't know what a rootkit is -- the recent Sony episode was a "rootkit" -- something very different than what the activation software does) and (b) is not "corrupting" your disk. What function of your disk system no longer properly functions and is "corrupted?" The only disk function that we found was problematic with regards to the product activation feature of Acrobat 7 and application in Photoshop 8 and subsequently in the applications of Creative Suite 2 was with relationship to a bug in a limited number of RAID disk systems. We have worked with any users affected to bypass this problem and with the driver writers to get the problem resolved.
Obviously, Adobe isn't going to publicly document every aspect of its activation mechanism. Doing that would obviously make that mechanism meaningless. We're not stupid!
You are correct that the EULA certainly does not prohibit concurrent installation of multiple versions of Acrobat and/or Reader on a single system. It isn't a legal issue. It is a practical issue. My advice to you, based on dealing with THOUSANDS of Acrobat users and their problems is not to attempt this. It really doesn't buy you any functionality or features (Acrobat 7 is much improved both in functionality, quality, stability, and performance over Acrobat 4). Having both installed may result in improper operation of the AdobePDF PostScript printer driver instance, PDFMaker for Office, and/or possibly the ability to deal with PDF files in browser windows. If you remove Acrobat 4, you may very likely find your Acrobat 7 installation corrupted. Follow the directions I provided to you to deactivate 7, uninstall 7, uninstall 4, reinstall 7, and reactivate.
Dov Isaacs writes: > No "rootkit" has ever been installed by Adobe software. Yes, the > activation facility of Adobe's software, similar to that of Microsoft > and other software vendors, does put information in otherwise > non-accessible disk sectors, but that (a) is not what a "rootkit" is ...
That's exactly what a rootkit is. A rootkit bypasses or replaces the operating system. Any software that is writing directly to the disk outside the filesystems supported by the OS is replacing the OS, and is therefore a rootkit.
> ... and (b) is not "corrupting" your disk.
I may need the sector that the Adobe activation software is corrupting.
> What function of your disk system no longer properly functions > and is "corrupted?"
The part that limits disk access to trusted parts of the OS kernel, which Adobe has brazenly, irresponsibly, deliberately, and negligently bypassed.
> The only disk function that we found was problematic with regards to the > product activation feature of Acrobat 7 and application in Photoshop 8 > and subsequently in the applications of Creative Suite 2 was with > relationship to a bug in a limited number of RAID disk systems. We have > worked with any users affected to bypass this problem and with the > driver writers to get the problem resolved.
> Obviously, Adobe isn't going to publicly document every aspect of its > activation mechanism. Doing that would obviously make that mechanism > meaningless. We're not stupid!
I already know that it corrupts disk sectors outside the filesystem; that's stupid enough. Does Adobe have no ethics at all?
> You are correct that the EULA certainly does not prohibit concurrent > installation of multiple versions of Acrobat and/or Reader on a single > system. It isn't a legal issue. It is a practical issue. My advice to > you, based on dealing with THOUSANDS of Acrobat users and their > problems is not to attempt this. It really doesn't buy you any > functionality or features (Acrobat 7 is much improved both in > functionality, quality, stability, and performance over Acrobat 4).
Yes, Acrobat 7 can transmit viruses much more easily, from what I've seen. I've tried to turn off as much as possible, but perhaps Adobe isn't documenting all of that, either.
> Having both installed may result in improper operation of the AdobePDF > PostScript printer driver instance, PDFMaker for Office, and/or > possibly the ability to deal with PDF files in browser windows. If you > remove Acrobat 4, you may very likely find your Acrobat 7 installation > corrupted. Follow the directions I provided to you to deactivate 7, > uninstall 7, uninstall 4, reinstall 7, and reactivate.
It seems to be working now; given what Adobe has done to my disk drive, perhaps I would be better off leaving things as-is.
-- Transpose mxsmanic and gmail to reach me by e-mail.
>> That settles it: I'm only going to pirate up to version 6.
> What changes between 6 and 7?
> -- > Transpose mxsmanic and gmail to reach me by e-mail.
Well, there are more tools for pre-press, but I'm a designer. My favorite thing is the ability to send proofs to clients that include editing tools they can use to mark up the PDF and email it back to me. If more than one person is making corrections, each person's edits are identified, but they're merged.
My fax machine has taken a permanent lunch break ...
Dave Balderstone <dave...@balderstone.ca> wrote: > In article <1d9nv1dghmotcqbcamgfmg87kqkke4a...@4ax.com>, Mxsmanic > <mxsma...@gmail.com> wrote: >> It's not misinformation. Adobe CS products use a variation of the >> Macrovision SafeCast system, which does direct physical writes to >> specific sectors on your hard drive, bypassing the security of Windows >> and compromising system security. I believe it writes directly to >> physical sector 32, which nobody is supposed to touch (not even >> Adobe). > It's been demonstrated on the Mac that it writes to system sound files.
It also write into /Applications/Safari.app/Contents/Frameworks/ without any warning.
Dov Isaacs <isa...@adobe.com> wrote: > Let's try this again ... > No "rootkit" has ever been installed by Adobe software. Yes, the > activation facility of Adobe's software, similar to that of Microsoft > and other software vendors, does put information in otherwise > non-accessible disk sectors,
Which is *completely* unacceptable.
What if *I* put some information there and you just overwrite it? After all it's *my* disk, not yours.
Marcel Weiher writes: > Which is *completely* unacceptable.
> What if *I* put some information there and you just overwrite it? > After all it's *my* disk, not yours.
Exactly. And it bypasses the OS to do this, which makes it a rootkit. The only reason Adobe has not found itself in trouble yet is that its products are much less known and used than are Sony CDs and TurboTax.
I have no quarrel with copy-protection schemes per se, but I expect them to behave better than the bad guys. Adobe's scheme is actually a throwback to the MS-DOS days, when any program did anything it wanted, especially for copy protection. Remember how much fun that was?
One wonders what the purpose of a secure operating system is if software simply bypasses it as soon as it's running. I knew there was something wrong with Adobe's software as soon as I was told that I had to boot the system to complete installation. You never have to boot XP to install any user software ... unless it is modifying the operating system. Why would Acrobat need to modify the operating system? Hmm.
-- Transpose mxsmanic and gmail to reach me by e-mail.
In article <5a25021uualptnv96eet7g2nl84jiei...@4ax.com>, Mxsmanic
<mxsma...@gmail.com> wrote: > One wonders what the purpose of a secure operating system is if > software simply bypasses it as soon as it's running. I knew there was > something wrong with Adobe's software as soon as I was told that I had > to boot the system to complete installation. You never have to boot > XP to install any user software ... unless it is modifying the > operating system. Why would Acrobat need to modify the operating > system? Hmm.
And this is the point where Adobe's Dov Isaacs will suddenly no longer reply to any questions...
-- Do the right thing. It will gratify some people and astonish the rest. - Mark Twain.
In <5a25021uualptnv96eet7g2nl84jiei...@4ax.com>, Mxsmanic wrote: > Exactly. And it bypasses the OS to do this, which makes it a > rootkit.
I agree that apps shouldn't be writing directly to disks, by passing the operating system, but still, yours is an idiosyncratic use of the word "rootkit."
John Doherty writes: > I agree that apps shouldn't be writing directly to disks, by passing > the operating system, but still, yours is an idiosyncratic use of the > word "rootkit."
I'm not so sure. This copy protection completely sidesteps the OS. It uses a part of the disk that isn't even allocated to the current operating system--a part of the disk that it is not authorized to touch. It does physical I/O to these forbidden areas of the disk without asking or notifying the user, which is already a first-class breach of system security. It silently communicates with hosts on the Internet. Sure sounds like a rootkit to me. A rootkit is anything that usurps the operating system.
As I've said, this is a direct throwback to MS-DOS, when every program did whatever it wanted, often with catastrophic results if you tried to use a computer for more than one application. Apparently Macrovision has never advanced beyond MS-DOS thinking. And apparently Adobe cares nothing about user security, even though it seems paranoid about its own, and is willing to sabotage its own customers' computer systems to this end.
Unused sectors on track 0 don't even belong to the operating system, much less Adobe or Macrovision, and there is zero excuse to touch them. Anyone who touches these sectors is a black hat, no matter how many billions of dollars or how many lawyers he has behind him.
-- Transpose mxsmanic and gmail to reach me by e-mail.
In <c05802hf858j5a4m4piirqan703d4s5...@4ax.com>, Mxsmanic wrote: >> I agree that apps shouldn't be writing directly to disks, by >> passing the operating system, but still, yours is an idiosyncratic >> use of the word "rootkit." > A rootkit is anything that usurps the operating system.
That's not what most people mean when they say that, though. More typically, people mean something like this (from wikipedia):
A rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge.
The term "rootkit" (also written as "root kit") originally referred to a set of recompiled Unix tools such as "ps", "netstat", "w" and "passwd" that would carefully hide any trace of the intruder that those commands would normally display, thus allowing the intruders to maintain "root" on the system without the system administrator even seeing them.
A rootkit typically hides logins, processes, files, and logs and may include software to intercept data from terminals, network connections, and the keyboard.
And whatever Adobe is up to, I doubt it fits that description.
|
