[LINK] Acrobat phone home?
lannet at lannet.com.au
Fri Feb 6 11:24:52 EST 2004
On Fri, 2004-02-06 at 09:06, Chirgwin, Richard wrote:
> > On Thu, 5 Feb 2004 15:48:18 +1000 Chirgwin, Richard wrote:
> > >Wondering if anyone else had noticed this ... a while back,
> > I took the
> > >upgrade to Acrobat Reader 6.0. It's appallingly slow, and
> > the interface is
> > >like a lollipop (I hate being patronised by computers!) but it works.
> > >
> > >Except this: even after it's shut down, it sometimes leaves
> > a process in the
> > >Windows tasklist.
> > What is the name of the process that is left running?
> acrord32.exe - that is, Acrobat Reader.
> > According to someone here:
> > http://storageforum.net/forum/viewtopic.php?t=2911
> > it's one of the plugins in the "full" version of Reader 6 that causes
> > phoning home, but unknown which one.
> Not in my case; I don't have the paid-for version, just the must-have free
> > I suspect it's not auto update but DRM or licence management/control.
> ...which would be truly appalling on the "free" version! Thanks for your
> thoughts & research, and it looks like I still have some work to do to
> figure this out...
> Thanks everyone for the efforts on my behalf!
> One last thing. Howard noted that the outbound TCP connections should change
> each time the process appears. Correct, and thanks for pointing it out. The
> listening port is, of course, static.
> When the process is trying to make it's once-a-minute outbound connections,
> which I am refusing, it increments the port number to try again. This is, I
> guess, a straightforward behaviour: Acrobat's developers have assumed that
> the reader is going to run into corporate firewalls with tight security
> policies, so it steps through the port list looking for one that's open.
No, that is pretty much standard procedure for establishing a socket,
the source port is selected from a round robin pool of port number
(usually) above 1023.
> Which, to me, fits under the heading "worse and worse". If a company (or an
> individual) is setting up a security policy, then for a software developer
> to try and circumvent that policy is irresponsible. Culpable, even.
What it does demonstrate is that few firewall have few, if any, controls
on internal clients establishing outbound connection. Email borne
viruses would be far less effective if all outbound connections to port
25 outside of the firewall were to be either blocked or redirected to a
corporate mail server with all the bells and whistles.
The same goes for connections to port 110 (POP3) and port 80 (HTTP).
Just imagine the screams from the PHBs if the y are blocked from
accessing CommBank, or their Hotmail account, or their private ISP email
account, whilst at work. IMO they should be blocked from such access,
but it ain't gonna happen RSN.
> Richard Chirgwin
> Link mailing list
> Link at mailman.anu.edu.au
LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
Flatter government, not fatter government - Get rid of the Australian states.
To mess up a Linux box, you need to work at it;
to mess up your Windows box, you just need to work on it.
- Scott Granneman, SecurityFocus
More information about the Link