Luminous Landscape Forum
Raw & Post Processing, Printing => Digital Image Processing => Topic started by: daws on May 11, 2012, 08:02:10 pm
-
From CNET news (http://news.cnet.com/8301-1009_3-57433091-83/adobe-users-must-pay-for-security-upgrades/):
May 11, 2012
Adobe users must pay for security upgrades
The company has released patches for four of its software suites, but users concerned about the vulnerabilities in these products will be required to purchase upgrades of each product except for one.
Adobe's recent release of patches for Photoshop, Illustrator, Flash Professional, and Shockwave have all been marked critical by the company, but users will be required to pay out of their own pocket for almost all of them.
All of the related vulnerabilities, found in each of Adobe's four software suites, have the potential to allow a remote user to execute arbitrary code and take complete control of the user's computer. While the patch for Shockwave is free, no such patch is available for CS5.5, or earlier versions of Photoshop, Illustrator, and Flash Professional. Instead, users concerned about the vulnerabilities in these products will be required to purchase upgrades of each product
According to Adobe's site, it will cost at least $199 U.S. to upgrade to Photoshop CS6, $249 to upgrade to Illustrator CS6, and $99 to upgrade to Flash Professional CS6.
Thanks a heap, 'Dobe. >:( (And if you think I'm pissed, wait'll you read the comments posted on the CNET (http://news.cnet.com/8301-1009_3-57433091-83/adobe-users-must-pay-for-security-upgrades/) site!)
Can't wait to hear the defenses that will be spun for this one.
-
If this is what's really going on, it strikes me as questionable corporate strategy. The whole industry has an interest in keeping the internet a safe place to be and if it means offering free security patches for several versions back, that would seem to be in their interest. It's like networks economics, the case being here that the more people who can be induced to stay safe (say by not having to pay for security patches), the safer the system for everyone.
-
I think they're confusing upgrades, as from CS5 to CS6, with security updates. In some newsroom somewhere, the tech subject writer is on vacation and the fashion editor is filling in as best he can. Which is not to say those $199 upgrades are less than inflammatory, but at least we're used to it by now.
-
If it's just confusion I'm glad to hear that. As for the price of the upgrades - look - they're a business with shareholders and high overheads with big numbers of high-end staff all over the planet delivering state-of-the-art technology. What do you expect?
-
Here's the Adobe Security Bulletin (https://www.adobe.com/support/security/bulletins/apsb12-11.html). It's not written particularly clearly, but it does say that the vulnerability affects “Adobe Photoshop CS5 and earlier versions for Windows and Macintosh.”
As the solution, “Adobe has released Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.”
-
As the solution, “Adobe has released Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.”
In other words, "Dear Customer: buy our upgrade or you're on your own, security-wise."
Incredible.
Having used computers since 1984, I can't recall the customers of a major app ever facing this kind of situation.
Does Adobe seriously believe this won't backfire in their faces?
-
I guess I was being too kind.
WTF! I kinda expect software vendors to fix serious security vulnerabilities for quite a versions back, for no charge and very quickly. It has something to do with being a responsible citizen in the online world. Particularly for software packages that cost, what, $800?
Is this a PS bug or something to do with the TIF file format itself? Not too clear from the writeup.
But some very loud complaining is in order, IMHO. Adobe needs to perceive this as a PR disaster.
-
I have read the Adobe update.
Poorly written piece but it appears at this stage that Adobe have no plan to provide a fix for earlier versions of Photoshop.
Clearly this is unacceptable and at the very least a far better explanation of what is going on is required. (Senior executives at a press conference come to mind along with a press release that doesn't read like "Chinese" English.)
A really good explanation of why Adobe will not or cannot fix the issue in earlier versions also needs to be provided.
Any excuses along the lines that previous versions should have been upgraded anyway to exonerate Adobe's responsibility here should be firmly rejected.
Regards
Tony Jay
-
As expected, this thing is exploding across the social media.
From nakedsecurity (http://nakedsecurity.sophos.com/2012/05/11/adobe-photoshop-security/)...
What a PR disaster for the company.
At first when I heard the news I thought there must be some mistake. Maybe Adobe's security advisories had been worded poorly and although upgrading - for example, to PhotoShop CS6 - would fix the vulnerability, the firm would also roll out a free patch to users of earlier versions.
But no. Judging by a report from H-Online, Adobe has no plans to publish a free security fix.
Adobe's view is that because Photoshop "has historically not been a target for attackers" the risk level doesn't make it worthwhile to produce a fix that users don't have to pay for.
From the H-Online Security (http://www.h-online.com/security/news/item/Adobe-Photoshop-is-not-a-target-for-attackers-1572717.html) site mentioned above:
Adobe have responded to the suggestion that they are effectively charging for security updates, saying that they do not believe that "the real-world risk to customers warranted an out-of band release to resolve these issues". On Wednesday, a security bulletin issued by Adobe pointed out security flaws in Photoshop CS5/CS5.5 and Illustrator CS5/CS5.5, but offered only a paid-for upgrade to the very recently released CS6 versions of the applications as a fix for the flaws.
Contacted by The H's associates at Heise Security, the company says it rated the APSB12-11 security bulletin a "priority 3 update" on the basis that "it is a product that has historically not been a target for attackers" and that it was not aware of any exploits targeting the issues that they had fixed. Adobe may be categorising exploits as "code used in anger to cause damage", because there is at least one proof of concept exploit for one of the APSB12-11 vulnerabilities.
Releasing a security advisory will, however, have raised awareness with attackers – especially attackers who use spear-phishing tactics aimed at particular categories of users within an organisation – that such holes exist in Photoshop and that they are potentially exploitable. Adobe says that installation of the upgrade "is therefore at the user's/administrator's discretion". The company also said that no "dot release" or update was scheduled for either Photoshop CS5 or CS5.5 where an "in-band" fix would have been included, so the flaws are likely to persist in the wild for a number of years.
-
We are in the process of resolving these vulnerabilities in Adobe Photoshop CS5.x, and will update this Security Bulletin once the patch is available
http://www.adobe.com/support/security/bulletins/apsb12-11.html
-
It seems to me that Adobe is doing everything what is possible to make their users more upset … interesting business strategy :)
Regards, Filip
--------------------------
http://shotworldwide.com
-
Did you read the updated bulletin? A patch for CS5.5 will be available.
-
Phil, first article which I have read today was this one:
http://nakedsecurity.sophos.com/2012/05/11/adobe-photoshop-security/
And I also read many articles regarding upgrades last November …
http://blogs.adobe.com/conversations/2011/11/adobe-creative-cloud-and-adobe-creative-suite-new-choices-for-customers.html?PID=2159997
Regards, Filip
--------------------------
http://shotworldwide.com
-
Phil, first article which I have read today was this one:
http://nakedsecurity.sophos.com/2012/05/11/adobe-photoshop-security/
And I also read many articles regarding upgrades last November …
http://blogs.adobe.com/conversations/2011/11/adobe-creative-cloud-and-adobe-creative-suite-new-choices-for-customers.html?PID=2159997
Regards, Filip
--------------------------
http://shotworldwide.com
Maybe you should just accept the fact as reported to us that Adobe is preparing a patch for PSCS5. And I'm pleased they are.
-
Well, as I upgraded in November from CS3 I obviously don't feel happy as I have to pay twice for CS6. If I would wait like others I would pay only once now.
But don't worry - I will accept it …
Regards, Filip
--------------------------
http://shotworldwide.com
-
We are in the process of resolving these vulnerabilities in Adobe Photoshop CS5.x, and will update this Security Bulletin once the patch is available
What about the users of CS4 and CS3?
-
Dunno. How far back do you want them to go? They're doing 1.5 versions back now and the current version. Seems pretty reasonable.
-
^ I think releasing a patch to fix what Adobe calls a "critical" security risk for CS5x, CS4x and CS3x is very reasonable -- and good customer relations.
The kind of long-range customer relations that seems to be escaping Adobe and its apologists these days.
-
Are you certain the same security risk exists in CS4 and CS3? I haven't seen any reference to it.
-
Are you certain the same security risk doesn't exist in CS4 and CS3?
Only a few days ago I was certain no security risk existed in my CS5.5. I learned of it quite by accident, reading CNET news -- no thanks to Adobe.
To me and many others, we've moved considerably past the point of no return in giving Adobe the benefit of the doubt.
-
You're missing the point. Mark is saying that unless that security risk exists, then there's no need for a patch. Unless you know that the risk exists, why call for a patch or complain at the lack of one.
Also, calling anyone who disagrees with you or thinks that something Adobe does is reasonable an "apologist" gets old. If you can't discuss a point without resorting to name calling then you really have nothing of value to say.
-
If I look at this problem from the other angle - some people can use these vulnerabilities to take over your computer and attack third party companies.
Please correct me if I am wrong.
Does Adobe support these people?
Regards, Filip
--------------------------
http://shotworldwide.com
-
Yes, yes I'm sure that Adobe supports these people - that's exactly it. This is a conspiracy by Adobe to help these people attack their competitors so they can reach the number one position in the market.
Oh, wait...
-
Actually, if there is a security vulnerability and Adobe refuses to fix it, then yes, Adobe supports them. And this is not a conspiracy theory, this is a reality, because these attacks are happening.
Regards, Filip
--------------------------
http://shotworldwide.com
-
Are you certain the same security risk exists in CS4 and CS3? I haven't seen any reference to it.
Adobe's security bulletin (http://www.adobe.com/support/security/bulletins/apsb12-11.html) says, “Affected software versions: Adobe Photoshop CS5 and earlier versions for Windows and Macintosh” (emphasis added).
-
Actually, if there is a security vulnerability and Adobe refuses to fix it, then yes, Adobe supports them. And this is not a conspiracy theory, this is a reality, because these attacks are happening.
They are happening, are they? You have any evidence at all that this exploit has actually been used to make an attack?
How about the people who insist on opening unsolicited emails and attachments and opening images from unknown sources take some responsibility and either stop doing that or take security precautions (anti virus, anti malware, DEP, firewalls, etc.)? Why must Adobe (or any company) provide patches on software that is 2.5 versions old in order to protect against stupidity (which is precisely how I would describe the act of opening such things - the only way known for this exploit to be delivered)?
When they weren't offering it for 5.x then I think there was a very legitimate concern, but once that was covered I think it's reasonable.
-
They are happening, are they? You have any evidence at all that this exploit has actually been used to make an attack?
How about the people who insist on opening unsolicited emails and attachments and opening images from unknown sources take some responsibility and either stop doing that or take security precautions (anti virus, anti malware, DEP, firewalls, etc.)? Why must Adobe (or any company) provide patches on software that is 2.5 versions old in order to protect against stupidity (which is precisely how I would describe the act of opening such things - the only way known for this exploit to be delivered)?
When they weren't offering it for 5.x then I think there was a very legitimate concern, but once that was covered I think it's reasonable.
Many people lock the door even they did not get anything stolen yet ...
And Adobe has millions of users. We pay for the software & software upgrades and obviously some of us wish to keep our computers secure.
Would you post your credit card informations here? The World is safe, isn't?
Regards, Filip
--------------------------
http://shotworldwide.com
-
They are happening, are they? You have any evidence at all that this exploit has actually been used to make an attack?
How about the people who insist on opening unsolicited emails and attachments and opening images from unknown sources take some responsibility and either stop doing that or take security precautions (anti virus, anti malware, DEP, firewalls, etc.)? Why must Adobe (or any company) provide patches on software that is 2.5 versions old in order to protect against stupidity (which is precisely how I would describe the act of opening such things - the only way known for this exploit to be delivered)?
When they weren't offering it for 5.x then I think there was a very legitimate concern, but once that was covered I think it's reasonable.
Your sure that the people reporting problems have opened "unsolicited emails and attachments and opening images" or is the security vulnerability in photoshop itself? Theres a big difference.
If Adobe have left customers computers vulnerable then it should be their responsibality to fix it.
-
We don't accept it from Microsoft do we? They are still updating my XP and office 2003 versions. Why should we from Adobe?
-
We don't accept it from Microsoft do we? They are still updating my XP and office 2003 versions. Why should we from Adobe?
Ben, this is correct. Any provider of software that is heavily used on a world-wide basis has a material interest in security going back a good number of versions. As for Windows XP, there are still millions of users so Microsoft will do this. In the case of Adobe, fist of all it's a much smaller universe than Windows or OSX, but still important. I've been to PhotoshopWorld a number of times. Early in the first session Scott Kelby does a survey amongst the audience (of about 3000) to gauge how many are using what version of Photoshop. Systematically, judging from the hand-count I would say about 80% or more are up-graded to the latest version. If that's a valid sample, and Adobe would know from their internal metrics, the urgency of patching older versions may be less pronounced than it is in the case of a Microsoft. But my bottom line is that they should do it anyhow, because even if there were still several hundred thousand users of CS3/CS4 hanging around, there is a broader security interest that goes well beyond those users to have these versions patched. As I mentioned early, what matters most are the externalities. Any one infected computer can unknowingly spread it to a great many others. Phil has a point that stupidity plays a role in all of this, but sad to say, there is a good measure of stupidity out there, so like it or not the industry needs to cater for this.
-
Are you certain the same security risk doesn't exist in CS4 and CS3?
To me and many others, we've moved considerably past the point of no return in giving Adobe the benefit of the doubt.
May I ask what "doubt" you won't give them your "benefit" of, and what are your credentials for making such sweeping judgments?
-
If that's a valid sample, ....
But it almost surely is not a valid sample, in the statistical sense of being an unbiased (roughly speaking, representative) sample of all Photoshop users. I would imagine that those how attend PhotoshopWorld are more likely to be professionals and less likely to be amateur or hobbiest photographers. And the amateurs / hobbiests are, I would also imagine, less likely to be on the current version of Photoshop. Hence, by my logic, the sample of Photoshop users who attend Photoshop World are more likely than the 'average' user to be on the current version
-
But it almost surely is not a valid sample, in the statistical sense of being an unbiased (roughly speaking, representative) sample of all Photoshop users. I would imagine that those how attend PhotoshopWorld are more likely to be professionals and less likely to be amateur or hobbiest photographers. And the amateurs / hobbiests are, I would also imagine, less likely to be on the current version of Photoshop. Hence, by my logic, the sample of Photoshop users who attend Photoshop World are more likely than the 'average' user to be on the current version
That's why I mentioned the qualification - that said, my anecdotal sense of it is that there's a tremendous variety of "cohorts" in that sample - every one from bare beginners through medium-to-advanced amateurs to seasoned professionals who attend. Needless to say I don't have access to Adobe's data but it doesn't matter - what matters is the number of users it takes to create a substantial security risk, and in that sense it's possible that there may be enough users of everything from CS3 onward to justify patching security flaws at least back three versions - if only to give every one peace of mind.
-
Why must Adobe (or any company) provide patches on software that is 2.5 versions old in order to protect against stupidity (which is precisely how I would describe the act of opening such things - the only way known for this exploit to be delivered)?
Thaaat's right, blame the customer for security holes in the app.... ::)
-
Thaaat's right, blame the customer for security holes in the app.... ::)
Phil wasn't blaming customers for security flaws in the app. He was stating his position about the extent to which he thinks it's reasonable for a company to protect the community from users' own behaviour. He things 1.5 versions is enough; for overall security reasons, I would be a bit more expansive and go back to CS3.
-
Your sure that the people reporting problems have opened "unsolicited emails and attachments and opening images" or is the security vulnerability in photoshop itself? Theres a big difference.
If Adobe have left customers computers vulnerable then it should be their responsibality to fix it.
So far, there are NO reported cases - only a proof of concept. It needs someone to deliberately craft a TIFF file to cause the problem, which means if you exercise normal internet security of not opening things that don't come from trusted sources then it's extraordinarily unlikely that you will have a problem.
-
So far, there are NO reported cases - only a proof of concept. It needs someone to deliberately craft a TIFF file to cause the problem, which means if you exercise normal internet security of not opening things that don't come from trusted sources then it's extraordinarily unlikely that you will have a problem.
Phil - yes, but suppose a "trusted source" passes on an infected TIFF because they don't know it's infected? I can easily conjure perfectly innocent scenarios in which this could occur. This security - or perhaps better to say - insecurity business is becoming so sophisticated that unfortunately one needs defense in depth and then hope to be adequately protected.
-
I agree, Mark. Everyone should be encouraged to practice good security and be responsible netizens. But, really, how often are people passing TIFFs that will be opened in an Adobe app that are just random files (as opposed to emails with funny pictures in them, which will be viewed)?
All we have at the moment is a proof of concept. We haven't seen any reported cases in the wild. We don't know for sure how it affects previous versions. We don't know whether this will circumvent normal security processes (AV, AM, DEP), so it's a little early to be crucifying Adobe (or anyone) for not going back more than 2.5 versions.
I felt the commentary about not looking at CS5.x was warranted as it is effectively still "current", but I'm not convinced that it needs to ba priority to look at older versions.
-
Yes, all those unknowns and uncertainties are there and you may right that the risk is probably not very high, though we can't be sure. I wouldn't "crucify" Adobe over this either, but I also think it's in their interest and everyone elses' to understand the importance of perceptions and take a long and broad view of reputational risk; judging from their latest response they seem to be doing that.
-
The latest from CNET (http://news.cnet.com/8301-1009_3-57433231-83/adobe-will-issue-free-security-fixes-for-cs5-apps-after-all/):
Adobe will issue free security fixes for CS5 apps after all
The company says it's working on patches for Creative Suite 5.x versions of Photoshop, Illustrator, and Flash. Previously, customers would have had to pay to upgrade to CS6 to get the fixes.
May 12, 2012
Adobe has apparently changed its mind about requiring customers to pay to get recent security patches for its Photoshop, Illustrator, and Flash Professional products.
The patches cover vulnerabilities that could let a remote user execute malicious code and take control of computers that are running the products.
A post to Adobe's security blog (http://blogs.adobe.com/psirt/) dated yesterday says the following:
"We are in the process of resolving the vulnerabilities...in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available."
Adobe had originally said customers would need to pay to upgrade to the CS6 versions of the products to get the fix.
The company told CNET sister site ZDNet Australia earlier that "while Adobe did resolve these issues in the Adobe Illustrator/Photoshop/Flash Professional CS6 major releases, no dot release was scheduled or released for Adobe Illustrator/Photoshop/Flash Professional CS5 or CS5.5," and that "the team did not believe the real-world risk to customers warranted an out-of-band release to resolve these issues."
Adobe told ZDNet Australia that it wasn't aware of any attacks that were taking advantage of the security flaws, but the news site noted that there is "a working proof of concept for the Photoshop vulnerability in the wild, which could make it trivial for a hacker to launch a targeted attack on a user."
Rich Mogull, a security analyst at Securosis.com, told Macworld that a software maker not issuing security patches for products it still supports breaks with "industry convention and customer expectations. If the products are really out of support, then that's understandable. But [Adobe's] own site shows them still within an active support window." Macworld reported on the CS5.x fixes earlier today.
It's unfortunate for Adobe that it took an explosion of outrage and derision in the social media for Adobe to reverse its original "pay for security" policy.
Unfortunate, too, that there is still no specific mention in the Adobe Product Security blog about vulnerabilities in CS4x or CS3x.
-
2 days ago I posted the updated link confirming they were working on 5.x patches...
-
2 days ago I posted the updated link confirming they were working on 5.x patches...
Please, would you tell me what patches for 5.x have to do with vulnerabilities in CS3/CS4? Does it mean that older versions of Photoshop are secure enough? I am sorry, I do not understand your reply …
Regards, Filip
--------------------------
http://shotworldwide.com
-
2 days ago I posted the updated link confirming they were working on 5.x patches...
Indeed you did, but the point is that perhaps they should do more. Check this for example:http://www.informationweek.com/news/security/app-security/240000397 (http://www.informationweek.com/news/security/app-security/240000397); the most pertinent paragraph being:
"It's encouraging to see Apple has not left users of this older version [talking about Leopard - OSX 5.x] of the Mac OS X operating system completely out in the cold when it comes to protecting against the latest threats," said Graham Cluley, senior technology consultant at free Mac antivirus maker Sophos, in a blog post. "Clearly they realize that it's not good for the Apple Mac's image if older computers connected to the Internet are harboring malware that could cause problems for others in the Mac community."
He's reflecting exactly the factor I raised in posts above - it is a problem of "externalities" affecting potentially all users.
-
My reply is that a lot of people seemingly don't read the links provided by people and continued to complain about the issue and then suddenly, 2 days later, said "oh, wow, they're fixing 5.x" because they saw it on their favourite tech blog.
It is far better to go direct to the source and read the releases from Adobe.
-
Yup. All true. :-)
-
My reply is that a lot of people seemingly don't read the links provided by people and continued to complain about the issue and then suddenly, 2 days later, said "oh, wow, they're fixing 5.x" because they saw it on their favourite tech blog.
It is far better to go direct to the source and read the releases from Adobe.
In fact it would be far better if Adobe's defenders realized that knee-jerk defense of the company on public forums is the worst kind of defense a company can have.
Its belated announcement of security patches for CS5x notwithstanding, Adobe is at this moment being pilloried in the social media for displaying precisely the kind of attitude I see here: the bristling at the very suggestion that the company could be acting wrongly, and the dismissive, condescending tone at any customer who suggests so.
For a company that isn't suffering from customer relation issues, such defense is not needed. For one that is, such defense only worsens the perception that the company is neither listening, no cares.
-
I'm not defending them - I'm merely providing factual information and commenting on my concern that people get upset for things which were clarified days ago.
The initial release was either extremely poorly written or bad management.
Again, the name calling (apologist, defender, etc), is a very bad reflection on those who stoop to such levels.
-
Again, the name calling (apologist, defender, etc), is a very bad reflection on those who stoop to such levels.
I agree with this completely. Uncalled for, and adds nothing to - indeed detracts from - what should be a straightforward factual discussion of a situation.
-
In fact it would be far better if Adobe's defenders realized that knee-jerk defense of the company on public forums is the worst kind of defense a company can have.
Its belated announcement of security patches for CS5x notwithstanding, Adobe is at this moment being pilloried in the social media for displaying precisely the kind of attitude I see here: the bristling at the very suggestion that the company could be acting wrongly, and the dismissive, condescending tone at any customer who suggests so.
For a company that isn't suffering from customer relation issues, such defense is not needed. For one that is, such defense only worsens the perception that the company is neither listening, no cares.
And really there are no facts backing up how wide spread the amount of bristling is going on caused by all this attention to Adobe's actions whether through the media or online social networking which I would assess toward any subject discussed this way.
Just because someone says they heard/read it here, there, online and from their neighborhood computer club doesn't make it wide spread and a world consensus.
Fervor starts by feeding on itself. Facts become secondary after that happens.
-
Fervor starts by feeding on itself. Facts become secondary after that happens.
Very true.
-
And really there are no facts backing up how wide spread the amount of bristling is going on caused by all this attention to Adobe's actions whether through the media or online social networking which I would assess toward any subject discussed this way.
Just because someone says they heard/read it here, there, online and from their neighborhood computer club doesn't make it wide spread and a world consensus.
Fervor starts by feeding on itself. Facts become secondary after that happens.
For those of you who wish to learn something more about Adobe's customer service and facts please visit Adobe's Photoshop General Discussion:
http://forums.adobe.com/message/4414347#4414347
This discussion is not about security issues but this is just another proof of Adobe's customer ignorance. And I also agree that "knee-jerk defense of the company on public forums is the worst kind of defense a company can have."
Regards, Filip
-------------------------
http://shotworldwide.com
-
For those of you who wish to learn something more about Adobe's customer service and facts please visit Adobe's Photoshop General Discussion:
http://forums.adobe.com/message/4414347#4414347
This discussion is not about security issues but this is just another proof of Adobe's customer ignorance. And I also agree that "knee-jerk defense of the company on public forums is the worst kind of defense a company can have."
Regards, Filip
-------------------------
http://shotworldwide.com
Again, that is your opinion. It is not fact nor is it a consensus. That link to the Adobe discussion is just users of their software (not Adobe employee customer service reps) talking about their opinion and feelings toward how a company decides to conduct business.
I'm not a shill for Adobe by any long shot. I finally plunked down my $133 CS3 to CS5 upgrade, installed the software and don't even use it because of the learning curve involved familiarizing myself with all the added features, placement and redesign of tools and that confounded workspace tool palette "tabby thingy" arranging I have to keep clicking on to get it to collapse and stay out of the way. I just got used to how CS3 deals with this.
I get the impression Adobe is just trying to force photographers to move to Lightroom by irritating the hell out of them with each Photoshop upgrade redesign, but that's my frustration centric opinion that can't be proven that it is shared by every owner of CS5.
-
Again, that is your opinion. It is not fact nor is it a consensus. That link to the Adobe discussion is just users of their software (not Adobe employee customer service reps) talking about their opinion and feelings toward how a company decides to conduct business.
I'm not a shill for Adobe by any long shot. I finally plunked down my $133 CS3 to CS5 upgrade, installed the software and don't even use it because of the learning curve involved familiarizing myself with all the added features, placement and redesign of tools and that confounded workspace tool palette "tabby thingy" arranging I have to keep clicking on to get it to collapse and stay out of the way. I just got used to how CS3 deals with this.
I get the impression Adobe is just trying to force photographers to move to Lightroom by irritating the hell out of them with each Photoshop upgrade redesign, but that's my frustration centric opinion that can't be proven that it is shared by every owner of CS5.
Adobe customer service is a very mixed bag. Sometimes the experience is fine, other times it can be very frustrating. It depends on the issue and the people you get to speak to. Shouldn't be that way, but that's life, and especially given the lack of competition, it's good that we have the internet to help put them on their toes - best done in a constructive and positive manner I should add.
Yes, when software features are changed there is a learning curve. The issue isn't the fact there is a learning curve, but whether the feature change is of a nature that the time committed to the learning curve is worthwhile. Sometimes the people who design these things are more visionary than the users who get too comfortable with a set way of doing things, and after a while we come to appreciate that changes we thought were trivial can indeed be quite useful. Again, it depends; but having to learn something new is not a defect of application development policy. Let me leave it at that.
Now tell me WHY Adobe should want to push their customers into a low-priced application at the expense of a high-priced application? Apart from the fact that such a strategy makes no obvious business sense, to suggest this is what they are doing perhaps derives from a lack of knowledge about the inner workings of the company, what the various groups are aiming for and within what overall corporate strategy.
-
Again, that is your opinion. It is not fact nor is it a consensus. That link to the Adobe discussion is just users of their software (not Adobe employee customer service reps) talking about their opinion and feelings toward how a company decides to conduct business.
I'm not a shill for Adobe by any long shot. I finally plunked down my $133 CS3 to CS5 upgrade, installed the software and don't even use it because of the learning curve involved familiarizing myself with all the added features, placement and redesign of tools and that confounded workspace tool palette "tabby thingy" arranging I have to keep clicking on to get it to collapse and stay out of the way. I just got used to how CS3 deals with this.
I get the impression Adobe is just trying to force photographers to move to Lightroom by irritating the hell out of them with each Photoshop upgrade redesign, but that's my frustration centric opinion that can't be proven that it is shared by every owner of CS5.
I mean that there is a link and few screenshots with highlighted text (with red color) and it should be a pretty clear fact. I did not mean that this discussion is a fact by itself.
Regards, Filip
-------------------------
http://shotworldwide.com
-
http://dilbert.com/strips/comic/2000-03-19/
:D, especially the last panel :D
-
http://dilbert.com/strips/comic/2000-03-19/
:D, especially the last panel :D
ROFL!! Ain't it the truth. ;D
(For a bonus laugh, look at the date of that Dilbert strip!)
Plus ça change, plus ça meme chose.
-
Now tell me WHY Adobe should want to push their customers into a low-priced application at the expense of a high-priced application? Apart from the fact that such a strategy makes no obvious business sense, to suggest this is what they are doing perhaps derives from a lack of knowledge about the inner workings of the company, what the various groups are aiming for and within what overall corporate strategy.
Mark, it's just an impression expressed as humorous hyperbole in ribbing a giant (Adobe) we've all come to love because of all the magical qualities in their software and the fact they really don't seem to want to grind our bones to make their bread regardless of what the Dilbert cartoon implies. Gotta' love the Dilbert.
But if someone is going to redesign the interface of software their client base has been using for at least two decades as some form of Steve Jobs "Sell them what they don't know they want" strategy, they'ld better make it clear what it is we want because currently it still takes a lot of my time getting what I know I want out of my Raw images and being able to print on demand business cards to my $70 inkjet in addition to quick processing of those Raws for uploading to the web. Right now I got my workspace and methods nailed down, understandable and straightforward.
Doing all that in CS5 I'm like...uuh...OK...what the hell, what's that little do hicky thing, why do my tool palette icons look so odd and a bit smaller and what's that extra stuff when I option or control click on it. It wasn't there before. Why does Bridge take forever caching previews with that constantly spinning icon in the corner in filmstrip view mode? It doesn't do this in CS3.
I have never had any problems with Adobe customer service because I never call them. I usually figure out another way of doing something as a work around because as we all know Adobe has engineered their software to allow anyone to get the same results doing it a dozen or so different ways. What else explains all the interface clutter and nested dialog boxes. Adobe knows what we want and that is to make the best looking image possible rendered in the quickest, easiest way.
Why would I want security opening someone else's images? I'm not interested in someone elses images. I'm only interested mine. You work at an ad agency or graphic design shop? Why are you opening images from strange places when they should be from copyright protected known sources? I'm trying to figure out where the boogie man is in all this and who are the ones afraid of him.
-
Why would I want security opening someone else's images? I'm not interested in someone elses images. I'm only interested mine. You work at an ad agency or graphic design shop? Why are you opening images from strange places when they should be from copyright protected known sources? I'm trying to figure out where the boogie man is in all this and who are the ones afraid of him.
If you are busy you don't have time to think about everything and you can accidentally open infected file. Professional studios are dealing with many files on daily basis and the risk could be huge here …
Regards, Filip
--------------------------------------------------
http://shotworldwide.com & http://photoapps.info
-
If you are busy you don't have time to think about everything and you can accidentally open infected file. Professional studios are dealing with many files on daily basis and the risk could be huge here …
How many pro studios opening many files on a daily basis are still using CS4 or earlier?
-
How many pro studios opening many files on a daily basis are still using CS4 or earlier?
Have you ever been abroad? You have a lot of countries which aren't so rich and people living there are forced to pay much more for Adobe's products than US customers.
But internet is without borders among countries.
Regards, Filip
---------------------------------------------------
http://shotworldwide.com & http://photoapps.info
-
Define abroad?
I live in Australia. I have Australian and British citizenship. I've been to every continent except Antarctica. I've slept in 5 star (+) hotels, under the stars on the bare ground, and shared a mattress and used a water pipe as a pillow in a basement. I've shared pizza with street kids in Vancouver and dined with a Governor-General in Sydney. I've seen a lot. I don't think it's at all relevant to the discussion at hand.
There are still NO reported occurrences of this. There's been a proof of concept. Those who are truly processing so many images that they don't have time to see where they came from are the most likely to be able to afford an upgrade and to want to upgrade, but if you want to use non sequiturs be my guest.
-
I am really sorry but I don't get your point. There age millions of Photoshop users out and there is a potential risk of misusing this vulnerability and Adobe doesn't care …
Regards, Filip
BTW. We have similar life experience :)
--------------------------------------------------
http://shotworldwide.com & http://photoapps.info
-
On a slightly off topic but sort of related subject regarding web surfing computer security issues, I recently downloaded for my 2010 Mac Mini's OS 10.6.8 security update which includeds an updated version of Safari and was surprised to find Safari's security is now rigged to disable older versions of Adobe Flashplayer according to this tech doc...
http://support.apple.com/kb/HT5271.
At least Apple gives instructions on how to reverse this.
Not sure if this does anything because I don't see any changes to performance or get any notices disabling Flashplayer, but it does point out Apple is getting aggressive about web surfing related security.
-
Who says Adobe doesn't care? They responded to complaints it wasn't going back to 5.x (either clarifying a bad communication or fixing a mistake - not sure). But how much should they expend to guard against something that hasn't actually happened to software that is more than 2.5 releases old?
If there was a huge rush of actual problems, maybe there would be more cause for action. At the moment, though, there's a proof of concept and nothing else. The kind of places that are likely (and I use the word loosely) to open an image from an unidentified source bcause of a *need* to do so, are far more likely to be on 5+. Individual users who are using older versions are very unlikely to *need* to open images from unknown sources *with* Photoshop (as opposed to a simple image viewer).
-
It's been over two weeks since Adobe announced a critical security vulnerability in Photoshop CS5x...
...and still no patch has been announced on their Product Security Response page (http://blogs.adobe.com/psirt/).
-
On a slightly off topic but sort of related subject regarding web surfing computer security issues, I recently downloaded for my 2010 Mac Mini's OS 10.6.8 security update which includeds an updated version of Safari and was surprised to find Safari's security is now rigged to disable older versions of Adobe Flashplayer according to this tech doc...
http://support.apple.com/kb/HT5271.
At least Apple gives instructions on how to reverse this.
Not sure if this does anything because I don't see any changes to performance or get any notices disabling Flashplayer, but it does point out Apple is getting aggressive about web surfing related security.
Yesterday, I came across this advice http://apple.stackexchange.com/questions/37868/why-does-safari-freeze-on-youtube-html5-videos and removed two flash files from ~/Library/Internet Plug-ins and my computer is running much faster and smoother now. If I want to watch flash I use Chrome - it doesn't require these files and plays flash files independently.
I hope that Flash and IE will die soon :)
Regards, Filip
--------------------------------------------------
http://shotworldwide.com & http://photoapps.info
-
Yesterday, I came across this advice http://apple.stackexchange.com/questions/37868/why-does-safari-freeze-on-youtube-html5-videos and removed two flash files from ~/Library/Internet Plug-ins and my computer is running much faster and smoother now. If I want to watch flash I use Chrome - it doesn't require these files and plays flash files independently.
I hope that Flash and IE will die soon :)
Regards, Filip
--------------------------------------------------
http://shotworldwide.com & http://photoapps.info
I'm using Firefox on Snow Leopard and YouTube videos work fine. Nothing crashes or freezes. I've got the latest updates of Snow Leopard and Flash installed. Maybe the problem is specific to Safari?
-
I'm using Firefox on Snow Leopard and YouTube videos work fine. Nothing crashes or freezes. I've got the latest updates of Snow Leopard and Flash installed. Maybe the problem is specific to Safari?
It is not about stability but about CPU usage - it takes a lot of CPU - Flash is … (very bad)
Regards, Filip
--------------------------------------------------
http://shotworldwide.com & http://photoapps.info
-
Fair enough - you have a point there. Being on high speed broadband with a well-spec'd MacPro I wouldn't see this problem, but for a great many others it could be a real show-stopper.
-
And next thing is here: why should any website store any informations on my computer?
I wouldn't say this is out of this security issue topic.
Regards, Filip
--------------------------------------------------
http://shotworldwide.com & http://photoapps.info
-
What's the issue here: they do give you an option to block it all. Some people - many in fact, actually find it convenient to allow such information to be stored; it can be handy for various totally benign reasons. Whether anything less benign accompanies that option is another story though. But we do have a choice and it's a button click.
-
OK. You are right. We have a choice to choose. By default it is set up ON. Personally, I don't like Flash from the beginning. HTML/CSS is much better and faster.
I am on MacBook Pro and even on this computer my fans are running all the time because of Flash.
Regards, Filip
--------------------------------------------------
http://shotworldwide.com & http://photoapps.info
-
Flash use on OS X used to be an issue - about 6-12 months ago (I really can't remember) an update pretty much sorted that out (had a lot to do with OS X not allowing access to certain things that were easily accessed under Windows, which has never really had a resource issue with Flash).
These days, animosity against Flash is pretty much historical and not based on any actual problem.
-
These days, animosity against Flash is pretty much historical and not based on any actual problem.
:)
Please wait, I am loading …
Regards, Filip
--------------------------------------------------
http://shotworldwide.com & http://photoapps.info
-
So, now that PS6 has been out awhile, where are the security updates to PS5?
-
So, now that PS6 has been out awhile, where are the security updates to PS5?
12.0.5 and 12.1.1 (for CS5 and CS5.5 respectively) have already been released a little over a week ago.
http://helpx.adobe.com/photoshop/kb/security-update-photoshop.html
-
Thank you for the link. I have updated my PS5 (12.0.5). I have been checking the "Updates" on the Help menu in PS5 for awhile. Strange that it never picked up on the update.
By the way, what is the difference in 5 and 5.5?
-
5.5 was a paid upgrade, introducing new features mid-cycle. Details will be on Adobe's website somewhere.
-
I have been checking the "Updates" on the Help menu in PS5 for awhile. Strange that it never picked up on the update.
Me too. Checking for updates doesn't pick up this update. You've got to know about it and go get it. Clearly this update has some kind of 2nd class status. (Gee, we could have whole 'nother thread just about the lower status of this update.)
--Milt--