[LINK] Avoiding evil empires (Adobe PDF Reader etc.) & falling into the hands of smaller but perhaps no less evil operators

Robin Whittle rw at firstpr.com.au
Tue Sep 21 23:50:57 AEST 2010 

I get sick of all the security vulnerabilities in Adobe Reader and the
consequent need for updates (Adobe Flash too.) and tried using an
alternative: Nuance PDF Reader 6.0, on my Windows XP
machine:

  http://www.nuance.com/for-business/by-product/pdf/pdfreader/

Nuance took over Scansoft who made some OCR and PDF creation software
which I think is highly respected.

The installation system (or was it the pre-download interrogation?)
asked an extraordinary number of demographic and lifestyle
questions, which could be ignored.  The program seems to work OK - but
I have only been using it for a day.  I have been able to read PDF
files using it as a standalone program and within Firefox.

However, I noticed a new thing in the Start bar, labelled just
"Software updates":

C:\Documents and Settings\All Users\Application
Data\FLEXnet\Connect\11\ISUSPM.exe"

This directory was created at the same time as the Nuance
installation.  There was no mention of it at the Nuance site, or
during installation.  Maybe there was mention of it in whatever terms
and conditions I agreed to.  I couldn't delete the directory.
Googling lead me to an investigation of this problem:

  http://linkme4ever.com/forum/?p=4051

which occurs with the commercial product (USD$46) PDF Converter Pro 6.0:

    Following installation, I noticed a new 'program' in the 'All
    Programs' list, mysteriously named 'Software Update'.
    Removal was difficult because there was no mention of the
    software in the Control Panel's 'Programs and Features'.  Further
    investigation revealed that this was a product named FLEXnet
    Connect by ACRESSO and that it was, in fact installed by Nuance
    together with Converter without telling me that it was doing so
    and why.  The ACRESSO site stated that "FLEXnet Connect is a
    solution that ACRESSO sells to software vendors that is designed
    to help you stay connected with your customers after they install
    your applications.  Keeping software updated is one of the many
    benefits of FLEXnet Connect, but Acresso also recommends that
    software vendors build in an option to disable automatic update
    checking." One wonders what the other benefits of installing this
    little spy-like module might be.

    To my surprise, the 'software vendor', Nuance in this case,
    decided to remove the 'disable automatic...' option and, whether
    I wanted it or not, my computer was going to call Nuance every
    day at 10 a.m., just to say 'hi', I suppose.  To their credit,
    ACRESSO has an 'uninstall' utility at their own site and,
    hopefully, the the process was successful but I do NOT appreciate
    Nuance's insistence of staying in touch with my computer, whether
    I wanted it or not and without asking for my permission.  The
    Reference Guide does not mention ACRESSO, FLEXnet Connect or the
    fact that some third party software was installed.

I found I couldn't delete this directory.  There was no mention of
FLEXnet or similar in the Control Panel > Add or remove programs
thingo.  So went looking for the uninstall program.  Acresso is now
Flexara (http://www.flexerasoftware.com) and the "Support > Consumers
with installation issues" menu item took me to yet another site:

http://consumer.installshield.com/
http://consumer.installshield.com/faqs_us.asp
http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q111106

I downloaded and ran the uninstaller.  This got rid of the shortcut in
the Start menu, but failed (silently) to get rid of the directory with
its multiple executable programs.  This is probably due to the
uninstaller having no idea where the software was installed.  It was
Nuance who decided to put the executables in a sub-directory of
"Documents and Settings" - which itself is a cause for alarm, since I
guess malware often installs itself in unexpected places.

I tried to delete the directory, but this was impossible, due to the
fact I had run the ISUSPM program and that it was still running as a
process after I closed it.  So after rebooting (killing the process
would have worked too) I was able to delete the directory.

Now, I guess, Nuance PDF Reader's automatic update facility won't
work.  But there is a manual update menu item.

I think there's nothing in principle wrong with the FLEXnet program.
It can list the various applications it is responsible for updating.
However, suddenly having something like this appear in my system,
especially when it is not visible in the Control Panel system, means
it is indistinguishable from a Trojan, without a great deal of research.

So far, there's no reason to believe the Nuance software is evil - but
it took an hour or so to handle an unexpected impact of its
installation, which was initially indistinguishable from a Trojan.


I may try using Foxit Reader as an Adobe Reader alternative.  I tried
it once a year or two ago, and I recall it was OK, but didn't handle
all files as I expected.

  - Robin

More information about the Link mailing list