The Brick Hits The Fan
Last week’s post described a dangerous method—the bootstrap loader—being used by Adobe’s Reader for upgrading.
This is the second time I’ve run into that method. I don’t recall the previous culprit, but I know I got it at download.com (operated by CNET). I didn’t like it, but since I’ve been using this site forever, I trusted them—just like I trusted Adobe. No more. Here I am posing as an expert and I fell for this twice.
Until now, viruses and their dirty ilk had to be small, had to be cleverly minuscule to sneak onto our machines. No more. Now all the bad guys have to do is con you into accepting one of these bootstrap loaders. Now malware can be as big as you have time to download. No longer do the malware makers have to be skilled in shrinking their evil code. Now any moron can do it, as long as they can fool you (as Adobe fooled me) into running one of these bootstrap loaders.
Note that I checked that Adobe “install” program with my Avast! virus scanner. It found no problem. And that program—running as though I wasn’t there—went online, downloaded a very large program, and ran it. All that time, I didn’t know how big the download would be, or that it would run without even asking me.
Okay, so maybe this isn’t technically malware per se. However, it’s potentially far more damaging than ordinary malware because of its size. A download like this could easily include dozens, if not hundreds, of malware programs. Think about it.
Of course, a virus scanner isn’t the only line of defense. A good firewall (like my Online Armor) should ask you when an unknown program wants to download. It did ask. But because it was from Adobe, I approved it.
The greater danger here is that the more we become accustomed to this stupid and dangerous method, the less vigilant we’ll become. Then where will we be when the bad guys use it? The first step off this slippery slope is a killer.
As for Adobe Reader? No more. Found a nice, free substitute: Foxit.