The way software is updated on personal computers, with every company rolling their own solution to a common problem, is archaic. In the same way we look at typewriters as something Fred Flintstone used, future techies will scorn this time period for the disgracefully inadequate way patches are distributed to end users.
I'm reminded of this by the latest update to a popular program, the free Foxit Reader for Adobe Acrobat files. The update, released August 4, 2008, fixes a number of bugs. Had I known about the update last month, I would have installed it. But, I just stumbled across it by accident.
This is not a knock on Foxit, a company that makes a very useful program, one that I use often, and gives it away for free. But, it's unrealistic for any normal computer user to keep up with updates to software when there are so many different delivery schemes.
For learning about software that needs to be updated, I'm a big fan of the online Secunia scanner, but it only goes so far. For one thing, Secunia only tracks the most popular software. Then too, unless you run a their full scan, there is no chance of detecting old versions of portable applications. Finally, it does not warn you about known buggy software for which there isn't yet a patch.
The version number for the Foxit Reader has not changed, it is still 2.3. The latest edition is build 3201. Prior editions of version 2.3 had build numbers of 2923, 2825 and 2822. Prior to that, the software was at version 2.2. As shown below, the standard Help -> About displays the version number and build number.
The company is working on a more automated self-updating system for version 2.4.
The Foxit Reader for Windows supports Windows ME, 2000, XP, Vista and Server 2003. There is also a Foxit Reader for Linux that has been tested on Fedora 4 and SuSE Linux 10, according to the company.
As I wrote previously, the Foxit Reader for Windows is available as a normally installed application and as a portable application.
The normally installed version is available at CNET's download.com, where the reviewer rated it 5 stars (out of 5). If you have an older copy of the normally installed edition, you can update it with Help -> "Check for Updates Now..." The list of available updates should include "Foxit Reader 2.3.2008.3201 Upgrade".
The portable version is available from Foxit as a 2.92MB zip file. Inside the zip file is a single 6.5MB EXE file. Extract the EXE file and you're done. I suggest renaming it, however, to make the version number more obvious. My naming standard for portable applications is something like:
FoxitReader.v2.3.August.2008.Portable.exe
Firefox 3 users can make Foxit their default PDF viewer with Tools -> Options -> Applications. Look for "PDF File" in the Content Type column, then click on the drop-down in the Action column and select "Use other". If you use the portable edition of the Foxit Reader, you'll have to click the Browse button to point Firefox to your latest portable copy.
See a summary of all my Defensive Computing postings.
This story starts out like so many others, but then takes a twist.
On Monday, Adobe released a patch that fixed a critical bug in their Adobe Acrobat Reader program. This was reported at CNET by Robert Vamosi, at ZDNet by Ryan Naraine, at the Washington Post by Brian Krebs and elsewhere. When I ran the Adobe Reader on a couple machines, I was duly reminded by a yellow tooltip window that a bug fix was available. On each machine the patch installed just fine. Ho hum.
The twist came about when I went to verify that the patch had been installed. I had started with the latest version of the Adobe Reader, 8.1.2. After installing the patch, I still had version 8.1.2.
You would be excused at this point if you thought this posting was about how or why the patch hadn't been correctly installed. But no, it had installed fine. Pretty surprising behavior, especially since the Adobe Reader may be the most widely installed software on the planet.
So, how can you tell if you have the buggy or the patched version of version 8.1.2?
Of course, if you're online, you can always check for updates. But, update applications are far from foolproof. Just today, Adobe's updater warned me that it couldn't check for updates to itself.
Windows
Security firm Secunia issued an advisory about this bug on the June 24. Yet, four days later, its usually excellent online scanner incorrectly flags a patched instance of version 8.1.2 as being version 8.1.0.137. I verified this on Windows XP and 2000.
For Windows XP, an answer came from someone calling themselves "zube" who made a comment at WashingtonPost.com. Go to the "Add or Remove Programs" applet in the Control Panel. At the top, turn on the checkbox to "Show updates" and Windows XP reports the installation of this latest bug fix.
As for Windows Vista, I installed a new copy of the Acrobat Reader today. A check for updates said it was the latest and greatest. But, the "Programs and Features" applet in the Control Panel did not indicate that it included this latest patch.
On a Windows 2000 machine with version 7 of the Adobe Reader, I uninstalled the old version and downloaded version 8.1.2 from Adobe.com. Even though this latest critical patch was released four days ago, Adobe is still offering up the buggy version of version 8.1.2 for download (as of June 27, 7 p.m. PDT). After installing the just-downloaded software, a check for updates showed that it was missing this latest bug fix. After installing the patch, the Add/Remove programs applet in the Control Panel verified that it had been installed.
Update: After this posting was originally written, Adobe pointed me to the Release notes for Adobe Reader and Acrobat 8.1.2 SU1 security update, which details two other ways to verify that you are using a patched instance of version 8.1.2. From the Adobe Reader, click on Help -> "About Adobe Plug-Ins..." -> Comments. The displayed date (see below) should be 6/7/2008. There is also another method that involves querying the registry.
Macintosh
On a Macintosh, Adobe advises clicking Reader -> Adobe Plug-Ins -> Comments. Just as with Windows, they say the API should be dated 6/7/2008. The Release Notes for the patch also describe some files that Mac users can look for. The presence of the files indicates a patched instance of the software.
Linux
The Security Bulletin for this patch doesn't say anything about Linux.
Ubuntu 8.04 does not include the Adobe Reader, instead Evince is used to read PDF files. I installed Acrobat 8.1.2 on Ubuntu after downloading it today from Adobe.com. The Help->About showed that the software was from January 15, 2008. I'm no expert on the four different package managers that come pre-installed with Ubuntu, but it didn't seem there was a more recent update to the Reader. Whether the software is vulnerable, only Adobe knows.
Update: According to Adobe, the software is vulnerable on Linux, an update is "in process" and it's expected to be released in July. When the fix is available, Adobe will update the Security Bulletin (link above).
Foxit
Many people argue that the Foxit PDF Reader is a better choice for viewing PDF files. There is a version for Windows, Linux, U3 and more (but no Mac version). Whatever the prior arguments were, now there is a new one. Adobe should not make patching into a guessing game.
Update June 27, 2008: Added Windows 2000
Update June 27, 2008: Added Secunia
Update June 28, 2008: Expanded Secunia and Linux topics
Update June 28, 2008: Included information from Adobe
Update June 29, 2008: Updated Foxit topic
Some information from the Release Notes for this patch also appears on an Adobe blog by Steve Gottwals How Can I Tell if I've got Reader 8.1.2 or 8.1.2 Security Update 1 Installed?
See a summary of all my Defensive Computing postings.
Foxit software just released a new version of its Adobe Acrobat PDF file reader. The previous version was 2.3 build 2825. The new version is still 2.3 but the build number is now 2923.
Although there is nothing about it on Foxit's Web site, the company confirmed on the phone that this is a bug-fix release.
On May 20, Secunia issued an advisory that pointed out what it called a "highly critical" bug in the prior version. Secunia expected a fix from Foxit in an upcoming version of the software, however, as of 12:15 p.m. EDT on Sunday May 25th (roughly two days after the software was released), Secunia still lists the bug as unpatched.
Update May 26, 2008: Secunia has confirmed that the bug they wrote about is fixed in this release.
If you use the portable version of Foxit, as I suggested back on May 6, then simply download the Zip file again and delete the older version. If you use the normally installed edition of Foxit, then you can check for updates with Help -> Check for Updates Now. The new version will show up as "Foxit Reader 2.3.2008.2923 Upgrade" if you are running the previous version. If you don't use Foxit at all, give it a try.
(Credit:
Foxit)
The Foxit servers appear to be swamped. I experienced multiple failures both checking for updates from within the program and trying to download the Zip file.
See a summary of all my Defensive Computing postings.
Today, May 20th, Secunia released an advisory about what they consider a "highly critical" bug in the Foxit PDF Reader. There is, as yet, no fix for the bug. Ryan Naraine has a bit more on this over at ZDNet.
The latest version (2.3) of the free Foxit PDF reader was released on April 25, 2008. I blogged about it on May 6th pointing out that there is a portable version of the program. That is, it can be carried around as a single EXE file on a USB flash drive and run on any Windows computer without having to be installed first. I ended my blog posting with this warning:
... new features ... scare me - new code is more likely to be buggy than older, established code. Still, I will use and recommend version 2.3 because of the bug fixes it contains, but be sure to check for updates (Help -> Check for Updates Now... ) relatively often.
Computer users are sometimes faced with a choice between software with the latest features vs. software that is tried and true. Defensive computing means opting for software with the best chance of being bug-free. See When it comes to software, the latest is not the greatest.
Update. May 22, 2008 11AM ET: Still, no update to the Foxit PDF Reader. To be continued...
Update. May 23, 2008 1PM ET: A new version of the Foxit PDF Reader was released today.
See a summary of all my Defensive Computing postings.
The big claim to fame for the Foxit PDF Reader has always been speed - it opens PDF files much faster than Adobe's own Acrobat Reader. Then too, it's free and much smaller than the Adobe Reader. Plus, people just like it. At download.com, the CNET review gave it 5 stars out of 5.
But there is another big advantage, the Foxit Reader is portable.
Portable applications are those that can be run without being installed. I'm a huge fan of portable applications and use them whenever possible, running them both off the C disk and USB flash drives. By distancing themselves from the host copy of Windows, portable applications offer two advantages. First, they insulate you from problems with Windows or the registry. On the other end, they are less likely to cause problems for the host copy of Windows.
For whatever reason, the fact that there is a portable copy of the Foxit Reader seems to be a secret. It is not mentioned on either the Foxit download page, the Foxit overview page or at download.com.
To get the portable version, simply download the 2.9MB "ZIP Package" from Foxit Software. This downloads a Zip file consisting of a single file, FoxitReader.exe. When unzipped, the reader is 6.5MB.
The portable version of Foxit saved me on one computer where the old version 7 of the Adobe Acrobat Reader could not be un-installed, and the new version 8 could not be installed. Foxit to the rescue.
The current version, 2.3, was released at the end of April. According to Foxit Software, many new features have been added. According to Brian Krebs, writing for the Washington Post, critical security bugs were fixed in this release.
While elsewhere on CNET, new features are considered a good thing, they scare me - new code is more likely to be buggy than older, established code. Still, I will use and recommend version 2.3 because of the bug fixes it contains, but be sure to check for updates (Help -> Check for Updates Now... ) relatively often.
Normally-installed software requires certain file names, but this is not true of portable software. If you do run the portable version of the Foxit PDF Reader, let me suggest changing the file name. I use:
FoxitReader.v2.3.April.2008.Portable.exe
This tells me at a glance the version/release, the date it was released and that it is the portable version rather than the setup file for the normally installed version.
The Foxit PDF Reader runs on Windows 98, ME, 2000, XP, 2003 and Vista.
Update May 7, 2008: I just stumbled across a feature in the Adobe Reader that is missing from the Foxit Reader - the ability to copy images. I was recently using a PDF file that had started out as a Word document. As shown below, the Adobe Reader lets me copy individual pictures out of the PDF simply by right clicking on the image. Foxit does not seem to support this.
Update May 20, 2008: A critical bug was just found in the Foxit PDF Reader.
Update May 23, 2008: A new version of the Foxit PDF reader was just released.
See a summary of all my Defensive Computing postings.
- prev
- 1
- next
