CAN ADOBE BEAT BACK THE HACKERS?
From BusinessWeek | 2009-11-26 17:47:27
<div><h1>CAN ADOBE BEAT BACK THE HACKERS?
</h1><p>For years, Adobe Systems has occupied a quiet corner of the personal-computer industry. Photographers and designers use its software to clean up photos and set up Web sites. Workers everywhere trade electronic documents formatted with Adobe's programs, often without knowing the company behind the software.
</p><p>
Now Adobe is attracting the unwanted attention of hackers--and security experts are concerned the company isn't doing enough to repel assaults. So far this year, Adobe has released nine security updates for the current version of its Acrobat Reader software, up from four in 2008, says Moscow security firm Kaspersky Lab. Adobe appears to have replaced Microsoft as the primary means by which hackers try to infect or take control of PCs. "Adobe at the moment is the main target," says Roel Schouwenberg, a Kasperky senior antivirus researcher in Woburn, Mass. </p><p>
Historically, Adobe hasn't had to contend with attacks, so it hasn't been focused on potential weaknesses. But as Microsoft has toughened up its security, Adobe has become a more tempting prey. Its software, particularly Flash for Web video and Reader for documents, is loaded on virtually every personal computer. </p><p>
Vulnerabilities in such widely used software can cause myriad problems. More than a dozen sites, including those of The New York Times, USA Today, and Nature, have been infected with fake ads that exploit Adobe software. In the case of the Times, if Web surfers clicked on an ad for antivirus software, malicious code would take control of their computers through Flash and direct them to a site infested with malware. Other attacks circulate via e-mail, with virus-laden PDF files that open in Acrobat Reader. </p><p>SCRAMBLING TO RESPOND </p><p>Security specialists fret Adobe lacks the firepower to stop the attacks. With an estimated $2.9 billion in sales this year, the company is one-twentieth the size of Microsoft, with a much smaller engineering staff. Microsoft issues monthly security patches for Windows and gives away antivirus software. Adobe said in May it would begin releasing regular quarterly security fixes for Reader in September and then missed that deadline by a month. A second update will be delayed until January. "So far there's been no consistency at all," says Chet Wisniewski, a security analyst at antivirus software maker Sophos. </p><p>
Adobe concedes its popularity with hackers is growing but says it is gaining the upper hand. It has five times as many engineers working on security as two years ago and has trained its entire Reader team on safe programming practices. "We're over the hump of being reactive," says Chief Technology Officer Kevin M. Lynch. Adobe has sought security advice from Microsoft and Google. </p><p>
If it gets a handle on its security problems, hackers will turn their attention elsewhere. Yahoo!'s instant messenger and Apple's iPhone, for example, are starting to see attacks. </p><p>
The case of Adobe illustrates a conundrum for tech companies: They need to balance spending on new products, which brings in revenue, with spending on security, which doesn't. Adobe, though solidly profitable, laid off 680 people, 9% of its workforce, on Nov. 10. The need to step up security spending is "not an uncommon problem, but Adobe's going to have to get their arms around it," says Rob Enderle, president of consultant Enderle Group. </p><img src="http://admatch-syndication.mochila.com/images/ad.gif?aid=64263838&bid=informcom" /></div><div id="copyright"><div>
Now Adobe is attracting the unwanted attention of hackers--and security experts are concerned the company isn't doing enough to repel assaults. So far this year, Adobe has released nine security updates for the current version of its Acrobat Reader software, up from four in 2008, says Moscow security firm Kaspersky Lab. Adobe appears to have replaced Microsoft as the primary means by which hackers try to infect or take control of PCs. "Adobe at the moment is the main target," says Roel Schouwenberg, a Kasperky senior antivirus researcher in Woburn, Mass. </p><p>
Historically, Adobe hasn't had to contend with attacks, so it hasn't been focused on potential weaknesses. But as Microsoft has toughened up its security, Adobe has become a more tempting prey. Its software, particularly Flash for Web video and Reader for documents, is loaded on virtually every personal computer. </p><p>
Vulnerabilities in such widely used software can cause myriad problems. More than a dozen sites, including those of The New York Times, USA Today, and Nature, have been infected with fake ads that exploit Adobe software. In the case of the Times, if Web surfers clicked on an ad for antivirus software, malicious code would take control of their computers through Flash and direct them to a site infested with malware. Other attacks circulate via e-mail, with virus-laden PDF files that open in Acrobat Reader. </p><p>SCRAMBLING TO RESPOND </p><p>Security specialists fret Adobe lacks the firepower to stop the attacks. With an estimated $2.9 billion in sales this year, the company is one-twentieth the size of Microsoft, with a much smaller engineering staff. Microsoft issues monthly security patches for Windows and gives away antivirus software. Adobe said in May it would begin releasing regular quarterly security fixes for Reader in September and then missed that deadline by a month. A second update will be delayed until January. "So far there's been no consistency at all," says Chet Wisniewski, a security analyst at antivirus software maker Sophos. </p><p>
Adobe concedes its popularity with hackers is growing but says it is gaining the upper hand. It has five times as many engineers working on security as two years ago and has trained its entire Reader team on safe programming practices. "We're over the hump of being reactive," says Chief Technology Officer Kevin M. Lynch. Adobe has sought security advice from Microsoft and Google. </p><p>
If it gets a handle on its security problems, hackers will turn their attention elsewhere. Yahoo!'s instant messenger and Apple's iPhone, for example, are starting to see attacks. </p><p>
The case of Adobe illustrates a conundrum for tech companies: They need to balance spending on new products, which brings in revenue, with spending on security, which doesn't. Adobe, though solidly profitable, laid off 680 people, 9% of its workforce, on Nov. 10. The need to step up security spending is "not an uncommon problem, but Adobe's going to have to get their arms around it," says Rob Enderle, president of consultant Enderle Group. </p><img src="http://admatch-syndication.mochila.com/images/ad.gif?aid=64263838&bid=informcom" /></div><div id="copyright"><div>
Copyright 2009 <a href="http://www.businessweek.com">BusinessWeek</a></div></div>
Related Video by 5min
Related Articles
- A trend? Intel releases $125 'affordable' SSD Computerworld | 2010-03-18 01:09:17
- Origin Genesis (Intel Core i7 920) CNET | 2010-03-17 20:34:44
- First Data, Tyfone work on mobile wallet Computerworld | 2010-03-17 15:04:06
- How to Fix a White Vertical Line on a Sony WEGA Plasma TV eHow | 2010-03-17 18:15:53
- Intel Boosts PC Speed with New $125 Solid-State Drive Sci-Tech Today | 2010-03-17 18:48:59
- COM Express module takes the heat LinuxDevices.com | 2010-03-17 16:49:26
Related Blogs
- High prices make Apple reluctant to strike longterm NAND flash deals Apple Insider | 2010-03-16 08:27:17
- New computer is dreadfully slow HelpLine: chron.com | 2010-03-17 14:23:43
- The Digital Storm BlackOPS PC gets the Core i7-980X treatment CrunchGear | 2010-03-16 14:50:25
- FormFactor: Huge Upside Potential, But With Risk Blogging Stocks | 2010-03-16 17:45:17
- North America getting its own Metal Gear Solid: Peace Walker PSP bundle Joystiq | 2010-03-16 14:03:24
