January 6, 2008 3:28 PM PST

Black eyes for Adobe

by Michael Horowitz

On December 22, I wrote about problems updating the Flash player in Firefox, where I mentioned that the Adobe un-installer program for the Flash player does not always un-install the Firefox plug-in DLL version of the Flash player. Simply put, Adobe is not aware of all the places that Firefox looks to find the Flash player. The un-installer would run fine, but Firefox would nonetheless continue to use an old version of the Flash player, even after installing a newer version.

At the time, I reported this as a bug to Adobe (using this form). It is now two weeks later, and Adobe never responded, either to me or by updating the un-installer.

Realizing their press people might want to be aware of this, I also contacted the public relations department at Adobe (using this form). No response.

And then there is the whole issue of needing a special Flash player un-installer in the first place. Did you know this was necessary? Do your friends?

From where I sit, it doesn't seem that Adobe has done a good job of communicating this. And it's a necessary communication: removing the Flash player using the standard Add or Remove Programs applet from the Windows XP control panel doesn't work, and may or may not indicate that it doesn't work.

Speaking of communication, did you know that versions of the Flash player prior to "9,0,115,0" have serious security bugs (aka vulnerabilities or holes)? Secunia calls these bugs "highly critical." The tech support page for Flash doesn't mention them at all.

Then there are the recent stories about Adobe spying on how their customers use their CS3 software.

-- Adobe, Omniture in hot water for snooping on CS3 users
    by David Chartier December 31, 2007

-- Wear tinfoil hats when using Adobe products
    by Nicholas Carlson December 27, 2007

The CS3 software makes an outbound connection to something specifically designed to deceive. The connection is to a computer by name, but the name was chosen to look like a safe IP address. Specifically, the CS3 software communicates with 192.168.112.2O7.net.

Many people know that IP addresses that start with 192.168.x.x are for internal use only. That is, they are special IP addresses that do not exist on the Internet, but are instead reserved for use on local area networks. Adobe and tracking firm Omniture tried to use this commonly known fact to trick people who are not real techies.

Nerds know that this is 207.net, but many people no doubt see it as 192.168.112.207 and think it is a safe, internal-use-only IP address. Pretty sneaky.

By the way, Omniture owns two 207.net domains, one with the middle character the letter "O" and one with the middle character a zero.
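
The look-alike described above can be caught mechanically in proxy or DNS logs. The following is an added example, not code from this post or from Adobe or Omniture: it flags DNS names whose first four labels read as an IPv4 address once digit look-alike letters are normalised. The log format, the look-alike letter set and the example.com/example.org hosts are assumptions made for the illustration.

```python
import ipaddress
import re

# Letters that pass for digits at a glance (assumed look-alike set).
LOOKALIKES = str.maketrans("oOlI", "0011")

def imitated_ip(hostname):
    """Return the IPv4 address the first four labels imitate, else None."""
    name = hostname.rstrip(".")
    labels = name.split(".")
    # A genuine IP literal has exactly four labels; reverse-DNS names are expected.
    if len(labels) < 5 or name.lower().endswith(".in-addr.arpa"):
        return None
    try:
        return ipaddress.IPv4Address(".".join(labels[:4]).translate(LOOKALIKES))
    except ValueError:
        return None

def classify(hostname):
    """Describe a hostname that reads like an IP address but is a DNS name."""
    ip = imitated_ip(hostname)
    if ip is None:
        return None
    labels = hostname.rstrip(".").split(".")
    return {
        "host": hostname,
        "reads_as": str(ip),
        "reads_as_private": ip.is_private,
        # Naive guess at the registered domain: the last two labels.
        "trailing_domain": ".".join(labels[-2:]).lower(),
    }

# Constructed proxy log lines (format assumed: time, method, host:port).
SAMPLE_LOG = """\
2008-01-06T15:28:01 CONNECT 192.168.112.2O7.net:443
2008-01-06T15:28:02 CONNECT 192.168.112.207:443
2008-01-06T15:28:03 CONNECT www.example.com:443
2008-01-06T15:28:04 CONNECT 10.0.0.1.example.org:443
2008-01-06T15:28:05 CONNECT 8.8.8.8.example.org:443
"""

def scan(log_text):
    """Return findings for every host in the log that imitates an IP."""
    hosts = re.findall(r"CONNECT (\S+?):\d+$", log_text, flags=re.M)
    return [f for f in map(classify, hosts) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `reads_as_private` set is the case worth alerting on: the name reads as a LAN address while the traffic actually goes to the trailing domain on the Internet.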

Finally, there is another wrinkle to the problem of not fully removing the Firefox plug-in DLL version of the Flash player. Originally, I noted that Adobe's un-installer failed to remove the program from
C:\Program Files\Mozilla Firefox\plugins\

Recently, I worked on a computer that had Netscape Communicator installed (the e-mail program continued to be viable long after the Web browser fell by the wayside). On this machine, the Flash player DLL was in
C:\Program Files\Netscape\communicator\program\plugins

The un-installer missed this too.

If you know someone at Adobe, you might want to pass this on. They won't speak to me.

Update: Someone from Adobe contacted me on January 7th. They are investigating this now. Apparently many/most/all Adobe employees take off from December 24th until early January.


Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure.
by tiga31328 January 6, 2008 4:05 PM PST
I have observed this issue with Firefox. I am also observing a problem with the recent version (9,0,115,0) in that most every website that I visit thinks that I do not have a current version of Flash Player installed. I don't know yet if it is an issue with the player, or with the process that is being used to detect it. -Patrick
by ajhoughton January 7, 2008 7:24 AM PST
"The CS3 software makes an outbound connection to something specifically designed to deceive."

Sorry, but this is FUD.

The Welcome window can cause such a connection to be made, but it happens solely because the Welcome window includes content from Adobe's web site. If you turn the Welcome window off, you'll find that no connections to 2O7.net are made.
by mhinnewyork January 7, 2008 7:47 AM PST
To: ajhoughton
I do not use CS3, so I can't test when it connects to 2o7.net. However, the way the 2o7.net computer name was chosen, to make it look like an internal IP address, has to have been done for deceptive reasons.
Michael Horowitz
by ajhoughton January 7, 2008 8:28 AM PST
Sure, the name 192.168.112.2O7.net does *appear* to be an attempt to fool people into thinking that it's an internal IP address.

But it still might not be. You (and other commentators) are all assuming the worst. For all we know, it may be a total coincidence that it ended up with a name that looks like a private IP address. I agree that it seems likely that it was intentionally chosen, but what irritates me most about this whole saga is that nobody will give anyone the benefit of the doubt. Everyone immediately assumes someone is spying, someone is deceiving them, someone is secretly watching their every move. Please! Most people's every move couldn't be more dull.

And even *if* we assume it is an attempt to deceive someone, that raises the questions of *who* it is supposed to deceive, *why*, and who made the decision to do it. Again, everyone assumes the worst.

It's best to apply Hanlon's Razor in these kinds of circumstances. i.e. assume stupidity or incompetence, rather than malicious intent.
by DennisNY January 7, 2008 9:14 AM PST
John Nack, the Product Manager for Adobe Photoshop, addressed the CS3 issue in his blog last week. See it here http://blogs.adobe.com/jnack/2007/12/adobe_ate_me_ba.html
by M C January 8, 2008 9:44 AM PST
LOL. Random dude has problem, is treated like random dude, happens to be blogger. Yawn.

Seen this movie before (I think it was titled "The Robert Scoble Story.")
by mhinnewyork January 8, 2008 12:25 PM PST
To: MC
Whether Adobe talks to me or not, is not really the point. Selfishly, I don't care, I fixed all my Flash problems and don't use CS3. I was trying to notify them about a bug in their software. This matters to the millions of daily Flash users that may still be using an insecure and dangerous version of the Flash player, either because they don't know of the need to update it or they seemingly did update it, but the update never actually took.
Michael Horowitz
by mhinnewyork January 8, 2008 1:16 PM PST
To: DennisNY
The blog posting you pointed to, written by John Nack of Adobe, does not, in fact, address the issue of the IP address purposely designed to deceive. I read the December 28th posting you linked to and the follow-up one. As of January 7th Mr. Nack still has no answer. Quoting him: "I said I'm working on it, and I am. Sometimes at a big company (esp. when other companies are involved) it's not possible to move as quickly as one would like."
Michael Horowitz
by frasercrane January 19, 2008 10:44 PM PST
Do you have any speeches for a radio broadcaster wishing to make a comeback?
by gplauche April 21, 2008 10:00 AM PDT
I can verify that this is still a problem. I tried installing the latest Flash Player plugin yesterday and it messed everything up. I used the uninstaller but it still can't find all the dll files that Secunia can find.
About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.
