Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

New Business

Can Adobe Beat Back the Hackers?

For years, Adobe Systems (ADBE) has occupied a quiet corner of the personal-computer industry. Photographers and designers use its software to clean up photos and set up Web sites. Workers everywhere trade electronic documents formatted with Adobe's programs, often without knowing the company behind the software.

Now Adobe is attracting the unwanted attention of hackers—and security experts are concerned the company isn't doing enough to repel assaults. So far this year, Adobe has released nine security updates for the current version of its Acrobat Reader software, up from four in 2008, says Moscow security firm Kaspersky Lab. Adobe appears to have replaced Microsoft (MSFT) as the primary means by which hackers try to infect or take control of PCs. "Adobe at the moment is the main target," says Roel Schouwenberg, a Kasperky senior antivirus researcher in Woburn, Mass.

Historically, Adobe hasn't had to contend with attacks, so it hasn't been focused on potential weaknesses. But as Microsoft has toughened up its security, Adobe has become a more tempting prey. Its software, particularly Flash for Web video and Reader for documents, is loaded on virtually every personal computer.

Vulnerabilities in such widely used software can cause myriad problems. More than a dozen sites, including those of The New York Times, USA Today, and Nature, have been infected with fake ads that exploit Adobe software. In the case of the Times, if Web surfers clicked on an ad for antivirus software, malicious code would take control of their computers through Flash and direct them to a site infested with malware. Other attacks circulate via e-mail, with virus-laden PDF files that open in Acrobat Reader.

SCRAMBLING TO RESPONDSecurity specialists fret Adobe lacks the firepower to stop the attacks. With an estimated $2.9 billion in sales this year, the company is one-twentieth the size of Microsoft, with a much smaller engineering staff. Microsoft issues monthly security patches for Windows and gives away antivirus software. Adobe said in May it would begin releasing regular quarterly security fixes for Reader in September and then missed that deadline by a month. A second update will be delayed until January. "So far there's been no consistency at all," says Chet Wisniewski, a security analyst at antivirus software maker Sophos.

Adobe concedes its popularity with hackers is growing but says it is gaining the upper hand. It has five times as many engineers working on security as two years ago and has trained its entire Reader team on safe programming practices. "We're over the hump of being reactive," says Chief Technology Officer Kevin M. Lynch. Adobe has sought security advice from Microsoft and Google (GOOG).

If it gets a handle on its security problems, hackers will turn their attention elsewhere. Yahoo!'s (YHOO) instant messenger and Apple's (AAPL) iPhone, for example, are starting to see attacks.

The case of Adobe illustrates a conundrum for tech companies: They need to balance spending on new products, which brings in revenue, with spending on security, which doesn't. Adobe, though solidly profitable, laid off 680 people, 9% of its workforce, on Nov. 10. The need to step up security spending is "not an uncommon problem, but Adobe's going to have to get their arms around it," says Rob Enderle, president of consultant Enderle Group.
Ricadela is a reporter for Bloomberg News and Bloomberg Businessweek in Frankfurt.

blog comments powered by Disqus