I recommend uninstalling Flash if at all possible. Or for the advanced users, uninstall it anyway, and then use a virtual machine for those rare situations where you need that piece of programming Swiss cheese.

As for the Reader... yeah, you might toss that too, especially now that browsers and even Windows itself offer quite a decent PDF reading environment.

· actions · 2015-Oct-15 4:45 am ·

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

·Bell Fibe Internet

siljaline

Premium Member

2015-Oct-15 9:16 am

Many are suggesting disabling or removing Flash while Adobe fiddles for four days or so to release the zero-day patch.

Kill Flash: Adobe says patch to fix under-attack hole still days away -

Via @ theregister.com
»www.theregister.co.uk/20 ··· sh_flaw/

· actions · 2015-Oct-15 9:16 am ·

Ken1943
join:2001-12-30
Denver, CO

Ken1943 to siljaline

Member

2015-Oct-15 11:49 am

to siljaline

I have set FireFox to ask to use. I can only find one site I go that requires it. I doubt if a weather site
would be on a hackers list. ALTHOUGH

· actions · 2015-Oct-15 11:49 am ·

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT
kudos:1

camper

Premium Member

2015-Oct-15 12:09 pm

I also have Firefox set to 'ask to use' for Flash. Lots of sites trigger the "ask", but very, very few sites actually need it for the content I want to view.

· actions · 2015-Oct-15 12:09 pm ·

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

siljaline to Ken1943

Premium Member

2015-Oct-15 4:55 pm

to Ken1943

Irrespective of your Browser platform - having Flash installed is an open door for attacks since it's currently (your installed version) is, zero-day. There's been jokes floating around about staying away from certain sites but we won't go there.

· actions · 2015-Oct-15 4:55 pm ·

bluepoint
join:2001-03-24

bluepoint to siljaline

Member

2015-Oct-18 9:54 am

to siljaline

Another update for Acrobat Reader (2015.009.20071).

· actions · 2015-Oct-18 9:54 am ·

Frodo
join:2006-05-05
kudos:1

·magicJack

Frodo to siljaline

Member

2015-Oct-18 8:39 pm

to siljaline

There is a nifty feature in EMET, the ASR feature that allows certain modules to be blocked for certain processes. One process I like to restrict whenever possible is Winhttp.dll, since it can be used to deposit malware.

I've noticed this popup ever since I updated to the latest version, which represents a change in how that process works on my machine. So far, the only files I have accessed are files already on the machine, not a file that may need internet access.

I get the popup on the startup of the reader, even if no PDF file is loaded. The reader still works right, so it is not critical that it accesses Winhttp.dll

· actions · 2015-Oct-18 8:39 pm ·

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

·Bell Fibe Internet

siljaline to bluepoint

Premium Member

2015-Oct-19 1:33 am

to bluepoint

Reader DC current version

My software seems to have auto-majically updated as well but I don't know how as I've got everything possible that would phone home disabled - yet here I am at the current version.

· actions · 2015-Oct-19 1:33 am ·

jupitermoon
join:2011-09-27

jupitermoon

Member

2015-Oct-19 3:31 am

said by siljaline :

My software seems to have auto-majically updated as well but I don't know how as I've got everything possible that would phone home disabled - yet here I am at the current version.

You are running Adobe Acrobat Reader DC which, like Windows 10, is designed to update automatically. It's possible to modify this behavior by running the Adobe Customization Wizard DC or by editing the registry manually? Did you do that?

If not, see the following links:

Adobe Customization Wizard DC
»www.adobe.com/support/do ··· pID=5892

Updater (basic settings)
»www.adobe.com/devnet-doc ··· _1_20396

In the second summary table, you can see the default setting for update mode for the DC products is 3: Automatically download and install updates. If you do this manually, you want to set it to 1: Do not download or install updates automatically.

If you haven't already, you might also want to disable the Adobe Acrobat Update Service and any related scheduled tasks.

Here's a thread on Adobe Communities which discusses the issue and reader reactions to it:
»forums.adobe.com/thread/ ··· tstart=0

Sadly, more and more control is being taken away from the user. Pfft!

This is one of the reasons I still use Adobe Reader X and XI.

· actions · 2015-Oct-19 3:31 am ·

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

·Bell Fibe Internet

siljaline

Premium Member

2015-Oct-19 12:43 pm

Adobe Update Service

Could have sworn I had disabled the Adobe Update Service - (you might not want to do this at home unless you are comfortable disabling Services) -

· actions · 2015-Oct-19 12:43 pm ·

planet
join:2001-11-05
Oz
kudos:1

·Cox HSI

planet to bluepoint

Member

2015-Oct-19 1:51 pm

to bluepoint

said by bluepoint:

Another update for Acrobat Reader (2015.009.20071).

Is this limited to DC only or is Acrobat Reader 11.0.13 due another update? I checked yesterday via internal updater and it said 11.0.13 was current.

· actions · 2015-Oct-19 1:51 pm ·

bluepoint
join:2001-03-24

bluepoint

Member

2015-Oct-19 4:21 pm

Don't know just reporting what I see. If there was an update for reader 11, it would have been out already.

· actions · 2015-Oct-19 4:21 pm ·

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

siljaline

Premium Member

2015-Oct-19 5:38 pm

Update checks can be manually activated by choosing Help > Check for Updates > usually does it and doesn't require a download landing page to fetch your newer version from.

· actions · 2015-Oct-19 5:38 pm ·

jupitermoon
join:2011-09-27

jupitermoon to planet

Member

2015-Oct-20 3:26 am

to planet

said by planet :

Is this limited to DC only or is Acrobat Reader 11.0.13 due another update? I checked yesterday via internal updater and it said 11.0.13 was current.

Adobe Acrobat Reader DC 15.009.20071 was an out-of-cycle patch released on October 14, 2015 to fix a bug introduced in the earlier 15.009.20069 continuous update.

4069884: Windows taskbar is visible in Full Screen mode if RHP is collapsed.

The following link has the version numbers, release dates, notes and type for the various versions of Adobe Reader:
»helpx.adobe.com/acrobat/ ··· der.html

It still shows 11.0.13 as the latest release for Adobe Reader XI, so either this bug didn't affect that version or Adobe didn't get around to fixing it yet.

· actions · 2015-Oct-20 3:26 am ·

Forums → Software and Operating Systems → Security	« Experts Have No Confidence That We Can Protect Cars and Streets From Hackers • Updated Adobe Flash players are out now. »