Updates to Adobe CS3

Topic

New Reply

I bought Creative Suite 3 not so many years ago (CS5 now exists) and Adobe have said that they will no longer provide security updates.
My questions are:
Does this matter?
Are there any legal ways round this?
Do you feel this is an acceptable way for Adobe to behave?
Is it time to jump ship and head for freeware?

Reply | Quote

Replies

I bought Creative Suite 3 not so many years ago (CS5 now exists) and Adobe have said that they will no longer provide security updates.
My questions are:
Does this matter?

I’ve never heard of any specific exploits for Dreamweaver. There may be some for Photoshop because it has to open binary files. Of course, Acrobat and Flash are a concern. And there was some other stuff… so security updates may be important.

Are there any legal ways round this?
Do you feel this is an acceptable way for Adobe to behave?
Is it time to jump ship and head for freeware?

If you review your end user license agreement, you may find that you have no legal recourse. Consumer protection laws might or might not apply. Unless you find attorneys who will take a class action suit on a contingency fee, it would be cheaper to upgrade or switch than to pursue legal action.

As for how long companies should issue security updates, I don’t think there is an industry standard. According to Wikipedia, CS4 shipped on October 15, 2008, about two years ago. Is two years too short to maintain a legacy product suite, or the products it contained? I think a lot of people will continue to use CS3 for years to come. Perhaps a pressure campaign (online petitions, etc.) would help?

Reply | Quote

Actually, CS3 came out in March 2007, so that is 3-1/2 years ago. Most reputable software manufacturers will support the current release and one release back. Given 1-1/2 to 2 years between releases, this means that about every 3 to 4 years you have to upgrade to the latest release.

As far as security goes, don’t assume that even the latest CS version is secure. See this thread about someone who ran a security scanner against CS5:
http://lounge.windowssecrets.com/index.php?showtopic=776073&hl=java%20adobe&st=0

Reply | Quote

Actually, CS3 came out in March 2007, so that is 3-1/2 years ago.

I quoted the date for the release of CS4 because until then, CS3 was the current version, and the end-of-life clock hadn’t started running. But you could look at it either way.

Reply | Quote

these are thought provoking and sobering replies. many thanks. rather than going for a class action I’ll probably upgrade photoshop and ditch the rest. These products are so expensive and security clumsily handled, but if you spend years learning to use them it is difficult not to just carry on using them.

Reply | Quote

What is your operating system, and what are your system resources?

I don’t have the answer to my own line of questioning, but the questions it raises in my own mind are whether or not you can run it in a sandbox or on a virtual machine, or something along that line. Surely the primary lines of defense are with the operating system (and hardware firewall). All of the hype about Windows 7 XP Mode or Virtual XP have led me to believe that I could securely run legacy software under Windows 7 with, if not impunity, at least respectable protection.

It won’t work as an application to activate them, but you can run faithful old Adobe Type Manager to keep your Type 1 font collection organized if you ever organized it in the first place. When you do want to activate one or more fonts you copy both *.prm and *.pfb to WindowsFonts, and to de-activate, assuming that you copied, you drag them from Wimdows/Fonts to the recycle bin. I realize there are other means of accomplishing this, but Windows is not Type 1-friendly in the post-XP world. Microsoft keeps dropping updates for its own products as the years go by, so Adobe is not alone.

Reply | Quote

All of the hype about Windows 7 XP Mode or Virtual XP have led me to believe that I could securely run legacy software under Windows 7 with, if not impunity, at least respectable protection.

I wouldn’t rely on hype alone. I’m pretty sure XP Mode shares the file system with Windows 7. One of the recommended first steps in setting up XP Mode is to install antivirus software. (Note to self: read up further on this when time permits.)

Reply | Quote

I have 2 machines (laptop and main pc), both running with win 7 and 4 ram in each and a belkin router (with firewall) and each machine protected by avg “internet security”.
I think you are right but when my secunia psi tells me that these are “end of life” programs and nothing can be done and the time taken to learn them and they were so expensive.
enough moaning….I’ll go on using them

Reply | Quote

… these are “end of life” programs and nothing can be done and the time taken to learn them and they were so expensive.
enough moaning….I’ll go on using them

I think that for the same reason not many bad guys are likely to be exploiting vulnerabilities or are looking for machines that have them.

Users with a lot of money are professionals and have a tax write-off for new versions, so they stay up to date, as do users with a lot of money period. One thing to remember is that if you get too far behind you won’t qualify for upgrade prices. (I think that Adobe has a modest discount in effect at present for CS5.) It costs a fortune to buy in the first place, but upgrades are a fraction of the original price.

As for learning it, new versions are normally the same thing you have already learned plus an assortment of changes (unless you are a long way behind).

Reply | Quote

I’m pretty sure XP Mode shares the file system with Windows 7.

Most VM systems (XP Mode included) use their own virtual disks. A virtual disk is simply a large file (or multiple files) sitting on the host’s (the host in Win 7 in your case) disk. This large file appears as the C: drive in the client OS (or as “/” in Linux). If the VM gets infected, just deleting the virtual disk should take care of it.

Most VM systems also allow you to mount host directories into the client VM. As an example, you can mount your Documents directory into XP Mode. This of course opens the possibility for enabling malware running in the XP mode to access/corrupt the files in the host.

Just because a client OS (XP in this case) is running within a host that is protected with security software does not mean that the client is protected – you must install security software in the client VM also. This can get expensive if you use a commercial security solution (since they are licensed essentially per install), which is why having a set of good freeware alternatives available for your VMs is always a good idea.

Reply | Quote

The matter of AV and malware protection is probably already taken care of for most users in that the EULA typically allows up to three installations, so if you will have enough for 1-1/2 computers and use a freeware AV for the fourth (virtual or other) machine.

Two additional possibilities that I failed to include are a dual-boot computer and multiple computers, although you covered the latter by saying you have a desktop and a portable. You were probably running CS3 on a different O/S, and if you still have a legitimate copy of that O/S, you could use that with a dual-boot setup if you wanted.

Offline use is seldom mentioned, but if your computer is not already infected and no data you add to it from offline sources is a source of trouble, then you can use the computer offline for any programs that worry you, obviously exclusive of programs that require you to be online. If you are working offline then you can turn off your antivirus and all the rest of it, as you have nothing to worry about and you will free resources for the work at hand. Just remember to turn it on again before going online.

Reply | Quote