Adobe Acrobat 8, SafeCast and SSM

Discussion in 'malware problems & news' started by concerned807, Jun 26, 2007.

Thread Status:
Not open for further replies.
  1. concerned807

    concerned807 Registered Member

    Joined:
    Dec 2, 2004
    Posts:
    68
    Due to work situation, I need to upgrade to Adobe Acrobat 8. In this thread, I'd like to describe my security/privacy concerns about Acrobat 8 and to seek advices that address my concerns.

    Based on my research so far, Acrobat 8 (both trial and retail) uses the notorious SafeCast anti-piracy scheme. SafeCast installs driver "CDAC11BA.EXE", creates Windows services and make numerous system level modifications and injections.

    My experience with SafeCast was when I used a dictionary program which also used SafeCast. My HIPS program is SSM (System Safety Monitor). With SSM enabled, when I ran the dictionary program, SSM got me numerous and continuous alerts and warnings. The frequency of alerts was so high, I think, because SafeCast created random instances of Windows services and system injections for which SSM was unable to find a pattern to make rule. In short, with SSM enabled, it was nearly impossible to run a SafeCast-protected program due to the magnitude of alerts. I am unsure about to what extent the SafeCast scheme may jeopardize security/privacy.

    I think once Acrobat 8 is installed I will again run into the above SafeCast nightmare.

    Any SSM users out there who can advise how to use SSM to manage SafeCast-protected programs w/o the lose of security/privacy?
    Are there ways to have SSM ignore/exclude certain things?
    In summary, is there a trade-off approach?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    Use Foxit. 100 times smaller footprint and size, 1,000 less intrusion.
    Safer, faster, better.
    Mrk
     
  3. concerned807

    concerned807 Registered Member

    Joined:
    Dec 2, 2004
    Posts:
    68
    As pure reader I use Foxit too. But At my work, many PDF are made using encryption provided by recent Acrobat. Foxit does not count for those...
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Good old Adobe. Couple of thoughts, and how well they would suit you depends on your work situation.

    I have a couple of pain in the but programs like that and one solution I've come up with is install them in a VM machine. There I can run with a little more risk.

    Another possiblity assuming your online exposure isn't very risky, is just shut down the parts of SSM that give you trouble with Adobe.

    Final idea, and this would only work if you usage of Adobe was lighter than other stuff you do. Use an App like Returnil. Then when you need to use Adobe, turn on Returnil's protection and shutdown SSM. Do your adobe work saving the PDF files in Returni's, virtual partition. When done you would need to re boot, but your pdf work is saved, and anything else that may of happened is gone. Also your SSM would be turned back on automatically.

    Pete
     
Thread Status:
Not open for further replies.