Adobe should consider partnering with Microsoft in order to fully offer a complete and efficient patching service, according to Kaspersky Lab researcher Roel Schouwenberg.
After Adobe denied that it was planning to increase its patching schedule from 90 days to 30 this week, Kaspersky's senior anti-virus researcher in the global research and analysis team, Roel Schouwenberg, said that an increased time frame 'would help them respond more quickly, but other than that there is not much it will do' in terms of Adobe security.
Speaking at Kaspersky Lab's Security Analyst Summit in Cyprus, Schouwenberg said: “Maybe Adobe should partner with Microsoft and potentially push through its patches through Windows updates.”
He also commented that auto updating needs to be added in Adobe Reader, as the auto updater is configured to download updates but not automatically install them.
Kaspersky Lab released its 'Information Security Threats in the First Quarter of 2010' report this week, which revealed that Adobe products are currently the primary target for hackers and virus writers worldwide due to their prevalence and multi-platform capabilities.
Furthermore, users of Adobe products are often unaware of the potential threat they are incurring by opening PDF files of unknown origin. Schouwenberg likened Adobe to Microsoft in 2001/2 when 'they had a zero-day for Internet Explorer every other week', but claimed that companies are continuing to use version 7 of Adobe Reader when the most up-to-date is 9.3.2.
He said he was speaking to a 'hi-tech IT company' in America who were still using Reader 7, and this amazed him, as such a company should be using the latest product. He also claimed that vulnerabilities are not being patched so users are being exploited.
He said: “An auto updating infrastructure would allow auto updates. Adobe makes a lot of noise about updating the Reader but they are not asking users to add automatic updates, the user has to manually go into the settings of the program and change the update in the settings. Adobe does not even have plans to update the settings and they are merely considering it – that is simply not enough.
“If they are really serious about changing the threat landscape and making the product less vulnerable to attack then they need to enable automatic updates. There is simply no other way.”