QUOTE (helvick @ Nov 1 2008, 07:03 PM)
I think it is only fair to point out that Adobe recommends that you upgrade to v10 and run at least version 10.0.12.36 because earlier versions are vulnerable to a number of fairly significant security flaws
< begin: infosec public service announcement...>
Indeed... http://www.theregister.co.uk/2008/10/31/si...l_trojan_heist/ http://www.theregister.co.uk/2008/10/31/to...banking_trojan/
This thing, which infected victim's machines through Flash security bugs (amongst others) was in the wild and stealing bank / CC account information, personal ID data and passwords for 18 months before being discovered. (At that point a lot of people suddenly get virus alerts... without realising they've been infected for a long time.) Now that Windows auto-updates itself fairly reliably, the merchants of such remote-access trojans, data stealers, spam-bots and suchlike are increasingly relying on exploits against vulnerabilities in browser plugins - stuff like Flash, Acrobat, QuickTime, even Java - and for more targeted attacks, things like Word, Excel and Powerpoint.
Yes, it's a pain sometimes; I've found quite a few online video sites have broken in v10, most recently the Dan Maas / MER stuff -- *very* frustrating! - and "fullscreen" crashes my browser - however I'd rather have crashy software than an empty bank account. Youtube and the BBC News online works, and that's good enough for me. YMMV. If you really MUST use the older versions, I strongly recommend having two separate systems; treat one as expendable, and never do any online banking, checking webmail, or log into anything important on that machine. Personally
, I'd never rely on A/V, any more than I'd rely on a firewall; not having insecure, widely deployed software installed in the first place is a much better bet... and whatever you use, make sure you apply security patches & updates! Using "minority" apps, OSes (and even non-Intel x86 architectures) also helps reduce the threat a great deal. Of course, that still leaves targeted attacks by the proverbial North Korean ninja types,.. but that's another story.
You can check whether Flash needs an update, here: http://kb.adobe.com/selfservice/viewConten...rnalId=tn_15507
For Acrobat, you need to check the version manually ("Help" menu, then "About Acrobat Reader", in the stand-alone application.) At the time of writing the latest version is 8.1.2 . Get it here (Warning, 47Mb!) http://www.adobe.com/products/acrobat/read...llversions.html