[octoberasian]

Table of Contents:
Security notices found so far.

• smart.dll
• taizi.exe
• Zero-day IE Flaw * Fixed in (KB956802) on 12/17/2008. Run Windows Update.
• ActiveX Vulnerability
• Adobe Viewer/Acrobat and PDF file vulnerability * Fixed on 03/11/2009. Read post below.
• Adobe Flash Player update to version 10.0.22.87. Vulnerability found.
• Adobe Reader/Acrobat vulnerability found (again). Newest version: 9.1.1
• Adobe and Microsoft critical vulnerabilities. Major update!
• Possible infection on FFXI Atlas found.
• Warning about phishing and e-mail scams.
• Firefox 3.5 Javascript vulnerability found.
• FFXI Atlas completely infected; Firefox 3.5.1 vulnerability to DoS attacks
• Exploits found in Flash Player 9 & 10, and Adobe Reader 9.1.2
• Updates to Adobe Reader and Flash Player; Firefox 3.5.2; and a notice from PlayOnline.com
• Security updates for Microsoft-related products and software for the month of October, 2009
• Notice about infected Facebook apps
• Avast Virus Definitions update (Dec. 2, 2009) flagging nearly every file as a false positive.
• Avast Virus Definitions updated (Dec. 3, 2009) fixes the previous issue.
• Security issue (again) in Internet Explorer
• Security issue in Internet Explorer is patched
• Vulnerability in Internet Explorer may allow information disclosure to attackers
• FFXI Wikia has another malware warning...

NOTICE:

February 7, 2010

A malware has been found on FFXI Wika again, and it is most likely another infected RMT banner ad. Read my post at the end to take extra precautions.

February 3, 2010

A security vulnerability within Internet Explorer 6 to 8 may allow information disclosure to attackers.

January 21, 2010

Microsoft released an update for Internet Explorer 5, 6, 7 and 8 for operating systems (OSes) from Windows XP to Windows Server 2008 R2. Update will be automatic if you have Windows Update enabled on your computer. Update immediately if you do not.

January 15, 2010

A security issue in IE whereby someone could remotely execute code on another computer is the same exploit used to compromise Google's servers a week ago. Highly advisable that IE users switch to another web browser until an update is released.

Spoiler

December 3, 2009

Avast has updated its virus definitions to fix a serious definitions issue last night that falsely flagged programs and files compiled in Delphi as being infected. IT IS IMPORTANT TO MANUALLY UPDATE AVAST TO FIX THIS ISSUE.

December 2, 2009

Shutdown or uninstall Avast Antivirus until a virus definition update fixes the issue. Reinstall or re-activate Avast afterwards.

A recent virus definition update is flagging SAFE files as being infected.

October 19, 2009

Several apps on Facebook have been found to launch infected PDF files that install fake antivirus programs.

October 13, 2009

Microsoft has released security updates for the month of October which can be found here:
http://www.microsoft...ins/200910.aspx

August 8, 2009

Updates to Adobe Reader and Flash Player; Firefox 3.5.2; and a notice from PlayOnline.com regarding unauthorized access to your account.

July 26, 2009

Exploits found again in Flash Player 9 & 10, and Adobe Reader 9.1.2. iTunes components have been identified as a false positive by AVG Antivirus; a definition update should correct it.

July 19, 2009

FFXI Atlas is now completely infected after checking the website again today. Recently updated Firefox 3.5.1 has been found to have another vulnerability which would make it and the computer it is installed on susceptible to DoS (denial-of-service) attacks.

July 17, 2009

Firefox has been updated to 3.5.1, download the updated browser here. This fixes the vulnerability in Firefox's JIT compiler as warned previously.

July 16, 2009

A vulnerability in Firefox's Javascript rendering engine, JIT compiler, was found and a temporary fix has been suggested until Mozilla.org releases an update within two weeks from today.

June 28, 2009

There have been instances where players would receive an e-mail asking them for very personal and identifiable information such as date of birth, user name and password.

DO NOT REPLY TO THOSE E-MAILS AS THEY ARE SCAMS TRYING TO GET ACCESS TO YOUR ACCOUNT!

June 19, 2009

FFXI Atlas is possibly infected again with another malware. Until this is proven to be a false positive or is removed, it is highly advised to avoid visiting Vana'diel Bestiary section for now.

June 9, 2009

A huge swath of updates for Adobe and Microsoft products that patches a security vulnerability that would potentially allow a hacker access to your computer and take control of it.

May 12, 2009

Another vulnerability was found in Adobe Reader and Acrobat. Please update to version 9.1.1.

Details around found here.

March 12, 2009

Another vulnerability was found in Adobe Flash Player. The update was issued February 24, 2009.

Summary of the vulnerability:

"A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. Additional vulnerabilities have been addressed in this update. Adobe recommends users update to the most current version of Flash Player available for their platform."

Source: http://www.adobe.com.../apsb09-01.html

Please update Adobe Flash Player to the newest version: 10.0.22.87.

March 6, 2009

A vulnerability has been found in PDF files and Adobe PDF Viewer/Acrobat.

The vulnerability allows a person access and control of your computer when a PDF file is opened in the respective programs.

Vulnerability demonstrated as follows:

Sources:

Adobe Security Bulletin: http://www.adobe.com.../apsa09-01.html

Obsessable Blog: http://www.obsessabl...-infected-file/

Download Squad: http://www.downloads...reader-acrobat/

February 10 & 12, 2009

An exploit in ActiveX was fixed in a February 12, 2009 patch. Another security patch was released on February 10, 2009.

More info here:
Security Bulletin Feb. 12
Security Bulletin Feb. 10

Instructions and download links are listed below.

December 16, 2008

An exploit has been found in Internet Explorer version 5.5 all the way up to version 7 including version 8 Beta.

There are no known fixes at this time.

It is highly recommended to use an alternate web browser such as Firefox or Opera.

Sources:

Download Squad: Internet Explorer v.5 to 8 Beta 2
TrendMicro Blog: Zero-day Exploit

August 29, 2008

A new exploit has been found on FFXI Atlas... again.

Be sure to read Aikar's post here .

Details of the exploit is explained in the following post:
(Source: http://exile.activeb...opicID=20303597)
QUOTE The file is named taizi.exe located on the domain usa.ccxtt.com

It is saved to C:\explorer.exe and is executed from there.

it installs these files:

* c:\windows\system32\.dll - Trojan.PcClient-1603
* c:\windows\system32\drivers\.sys - Trojan.Dropper-10666
* taizi.exe - Unknown Dropper (Scanned; AV Did Not Warn)

Connects to Website (every 30 seconds) :
http://www.crackwg.net/pcshare/pc.txt
- [Contents of File = "59.34.148.248:7866"]

Also Attempts to Connect (Undetermined Amount of Time) :
http://59.34.148.248...3853/753874.jsp (may be randomly generated)


I've added usa.ccxtt.com and crackwg.net to my hosts file so my pc can never reach that domain.

Win XP/Vista host file is found at C:\windows\system32\drivers\etc\hosts

Open it in Notepad and add these lines to it:

127.0.0.1 usa.ccxtt.com

127.0.0.1 crackwg.net

this tells your pc that those domains exist at your loopback address, so if a script (or browser, or anything) ever tries to access those domains, it will just be sending the requests to your own pc, rather than to the real sites.

more info here:

http://www.bluegartr...mp;postcount=30

(click the link on the upper right of that page to view the whole discussion thread)

also from that thread, you will find instructions on how to check 100% if you are infected:

http://www.bluegartr...mp;postcount=58

I dunno how many of y'all follow BG or other forums for this kinda thing so I wanted to pass it along.

Follow Aikar's guide on protecting your web browser here.

More details about the exploit is found here.

August 22, 2008

A new exploit has been found in Flash Player version 9.x and affects even the newest updated version, 9.0.124.0.

Source: http://secwatch.org/...sories/1021314/

It is HIGHLY RECOMMENDED that you follow the instructions posted here (Securing your computer & PlayOnline Account) on how to block Flash movies in either Firefox or Internet Explorer.

This is a preventive measure until Adobe updates Flash player plug-in.

Thanks to Aikar of the Windower forums for finding this out.

In light of a new exploit found on FFXI Somepage again and new reports of compromised accounts, it is advised that you update Adobe Flash Player to version 9.0.124.0.

You may check your Flash Player version here: http://www.adobe.com...ts/flash/about/

Download the newest version here: http://www.adobe.com/go/getflashplayer

According to Adobe:
Source: http://www.adobe.com.../apsb08-11.html
Adobe Blog: http://blogs.adobe.c..._issue_u_1.html

[octoberasian]

Check for "smart.dll" File

The following is pulled from BG Forums.

You may read the forum post here: http://bluegartrls.c...hilit=smart.dll

Full credit goes to Killerx, Izzy and Vandole for finding it and Mafai for the original post.

NOTICE: If you get an error after hitting the "PLAY" button in PlayOnline Viewer that states "Unsupported interface...", please follow the instructions below.

If you are coming across a POL error after the play button about interface not supported, you may have the most recent "bug". Firstly search your PC for smart.dll. If you find this, see The Fix: below.

i was helping a friend and came across this in her hijackthis log as

O20 - Winlogon Notify: Fly - C:WINDOWSSYSTEM32smart.dll

seemed quite suspicious so i loaded up a process scanner and came across it hooking ffxi and no other exes. after removing it, the interface error stopped.


Code:
==================================================
Module Name : smart.dll
Base Address : 0x013C0000
Module Size : 0x0000C000
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158 )
Description : Framebuffer Display Driver
Company : Microsoft Corporation
Product Name : Microsoft? Windows? Operating System
Modified Date : 5/26/2008 11:07:07 AM
File Size : 35,840
Filename : C:WINDOWSsystem32smart.dll
File Attributes : A
==================================================



The fix:

Download HiJackThis ( http://www.trendsecu...ckthis/download ) and save to desktop.

Reboot in safe mode: Spam F8 while rebooting and choose safe mode.

Once in safe mode: Start > Run > type cmd > hit ok.

In command prompt type: regsvr32 /u C:WINDOWSSYSTEM32smart.dll

Hit enter.

Once in safemode run hijackthis, choose perform a system scan.

Look for O20 - Winlogon Notify: Fly - C:WINDOWSSYSTEM32smart.dll

Check it, hit fix checked.

Browse to C:WINDOWSSYSTEM32smart.dll and delete the file. If the file does not delete, try restarting in normal mode and deleting it.

Reboot normally, run HiJackThis for smart.dll, it seemed to not reinstall itself tho.


mod edit: attention-grabbing title

[octoberasian]

FFXI Atlas and "taizi.exe"

(Source: http://exile.activeb...opicID=20303597)

The file is named taizi.exe located on the domain usa.ccxtt.com

It is saved to C:\explorer.exe and is executed from there.

it installs these files:

• c:\windows\system32\<randomly-generated-name>.dll - Trojan.PcClient-1603
• c:\windows\system32\drivers\<randomly-generated-name>.sys - Trojan.Dropper-10666
• taizi.exe - Unknown Dropper (Scanned; AV Did Not Warn)

Connects to Website (every 30 seconds) :
http://www.crackwg.net/pcshare/pc.txt
- [Contents of File = "59.34.148.248:7866"]

Also Attempts to Connect (Undetermined Amount of Time) :
http://59.34.148.248...3853/753874.jsp (may be randomly generated)


I've added usa.ccxtt.com and crackwg.net to my hosts file so my pc can never reach that domain.

Win XP/Vista host file is found at C:\windows\system32\drivers\etc\hosts

Open it in Notepad and add these lines to it:

127.0.0.1 usa.ccxtt.com

127.0.0.1 crackwg.net

this tells your pc that those domains exist at your loopback address, so if a script (or browser, or anything) ever tries to access those domains, it will just be sending the requests to your own pc, rather than to the real sites.

more info here:

http://www.bluegartr...mp;postcount=30

(click the link on the upper right of that page to view the whole discussion thread)

also from that thread, you will find instructions on how to check 100% if you are infected:

http://www.bluegartr...mp;postcount=58

I dunno how many of y'all follow BG or other forums for this kinda thing so I wanted to pass it along.

Greater detail here.

Further instructions on protection:


(Source: http://forums.window...showtopic=13208)


THIS EXPLOIT IS UNPATCHED. THERE IS NO NEW VERSION OF FLASH OUT YET TO FIX IT. PLEASE DO WHAT THIS POST SAYS

Thanks to diemos for notification of this. http://secwatch.org/...sories/1021314/

There is another flash exploit currently unpatched with the Adobe Flash Player.

Users without protection are vulnerable to this exploit.

To protect yourself, please follow this guide first of all to get necessary browser changes: http://forums.window...showtopic=11323

Once you are booted into FireFox with NoScript:

Right click NoScript Icon in bottom right corner -> Options -> Plugins tab

Put a checkbox on "Apply these restrictions to trusted sites too"


This will block Iframes and Flash on EVERY website, even trusted ones, allowing normal javascript to run so site functions but blocking flash/iframes to only run when you specifically allow them for this browsing session.

Any site using flash (ie youtube) will simply have a box with no script icon that you can click to show it.

This will protect you from the new exploit as long as you dont retardedly run a flash file that you shouldnt be.

[octoberasian]

Zero-day IE Exploit
* Notice: Run Windows Update immediately

The security flaw above for Internet Explorer (all versions) was fixed in Windows XP (KB960714/KB956802) this morning.

EDIT:

Download updates here: http://www.microsoft...n/ms08-071.mspx

Choose your Windows OS version below and download the appropriate update.[/b]

Spoiler! --Click here to view--

NOTICE: There are no known fixes to this at the moment other than waiting for Microsoft to patch this.

From BBC:

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

From TrendMicro Blog:

Microsoft's recent security updates fail to provide protection against a recently discovered zero-day vulnerability, which could provide opportunities for cyber criminals to compromise PCs. Several websites were found rigged with a malicious Javascript detected by Trend Micro as JS_DLOAD.MD. This script exploits this zero-day vulnerability in Internet Explorer, through a Heap Spray on SDHTML. It also checks for the IE version installed on the affected system, since this exploit targets IE7.

After a successful exploit, it triggers a series of redirections to multiple URLs, then finally connects to one of several different domains — a full list of malicious domains can be found over at ShadowServer, as they have been verifying the domains collected by them and from other security researchers across the industry.

We detect the downloaded files as the following:

• TSPY_ONLINEG.EJH
• TSPY_ONLINEG.EJG
• TSPY_ONLINEG.HAV
• TSPY_ONLINEG.ADR

The toolkit related to this exploit is reportedly being sold in the China underground community. This is quite logical, since TSPY_ONLINEG variants are notorious info-stealers — particularly stealing credentials related to online games, which in turn are very popular in China.

The Trend Micro Smart Protection Network provides protection to users at a desktop level, with all related malicious domains blocked, and files detected. However, this recently discovered flaw remains unpatched by Microsoft.

The SANS Internet Storm Center (ISC) also has additional information posted on this issue in their Daily Incident Handler's blog.

This threat bears strong resemblance to a couple of attacks we've seen this year, which were primarily targeting Chinese gamers:

• A Very Convoluted Chinese Gaming-Info-Stealing Campaign
• Targeted Attack Against Chinese Gamers in New Zero-Day Exploit

Update as of 11 December 2008, 12:00 AM PST:

Trend Micro Researchers have found another sample of the said malware that downloads the file explorer.exe, which is now detected as RTKT_BUREY.C.

Update as of 12 December 2008, 4:00 AM PST:

Microsoft updated their Security Advisory initially published December 10. The update confirms that this zero-day vulnerability not only affects Internet Explorer 7 (IE7), but also all version of Internet Explorer.

SHARETHIS.addEntry({ title: "Zero-Day IE Flaw Being Actively Exploited", url: "http://blog.trendmicro.com/zero-day-ie-flaw-being-actively-exploited/" });

Solution:

Use an alternate web browser not affected by this exploit:
- Firefox 3
- Opera 9
- Safari
- Google Chrome

[Corrderio]

Quick ? About Firefox 3.

I heard awhile back Firefox 3 didn't support NoScript and other plugins? Is that rumor true?

[WolfwoodOfTrigunMax]

*edit* nvm

[Phlow]

Quick ? About Firefox 3.

I heard awhile back Firefox 3 didn't support NoScript and other plugins? Is that rumor true?

Unsure.... I'm on 2.0.0.2 and have NoScript, so i can't vouch for 3.

[octoberasian]

Firefox 3 does support NoScript.

You will have to update the add-on: http://noscript.net/

[octoberasian]

Notice: Run Windows Update immediately

The security flaw above for Internet Explorer (all versions) was fixed in Windows XP (KB960714/KB956802) this morning.

EDIT:

Download updates here: http://www.microsoft...n/ms08-071.mspx

Choose your Windows OS version below and download the appropriate update.

[Aikar]

Another 2 exploits, 1 involving ActiveX was just patched the night before last, so, first install firefox then install windows updates

[octoberasian]

Thank you, Aikar. ^^

Updating post.

[octoberasian]

ActiveX Vulnerability & other security patches

Another 2 exploits, 1 involving ActiveX was just patched the night before last, so, first install firefox then install windows updates

Instructions:

1. Install Firefox.

2. Use the following links to download the updates and install them.

Windows Update: http://windowsupdate.microsoft.com

From ArsTechnica: http://arstechnica.c...lnerability.ars

• Windows XP: http://www.microsoft...05-3a9155a737a7
• Windows XP x64: http://www.microsoft...b0-2223f63e3f56
• Windows Vista: http://www.microsoft...e1-87f96dc73d44
• Windows Vista x64: http://www.microsoft...fa-7c3a276a8f1b

For February 10 Security Bulletin: http://boards.cexx.o...=18127.msg77706

• Microsoft Security Bulletin MS09-002

• Cumulative Security Update for Internet Explorer (961260)
• - http://www.microsoft...n/ms09-002.mspx
• Maximum Severity Rating: Critical
• Vulnerability Impact: Remote Code Execution
• Restart Requirement: Requires restart
• Affected Software: Microsoft Windows, Internet Explorer

• Microsoft Security Bulletin MS09-003Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

• - http://www.microsoft...n/ms09-003.mspx
• Maximum Severity Rating: Critical
• Vulnerability Impact: Remote Code Execution
• Restart Requirement: May require restart
• Affected Software: Microsoft Exchange Server

• Microsoft Security Bulletin MS09-004

• Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
• - http://www.microsoft...n/ms09-004.mspx
• Maximum Severity Rating: Important
• Vulnerability Impact: Remote Code Execution
• Restart Requirement: May require restart
• Affected Software: Microsoft SQL Server
• - http://web.nvd.nist....d=CVE-2008-5416
• Last revised:02/12/2009
• CVSS v2 Base Score: 9.0 (HIGH)

• Microsoft Security Bulletin MS09-005Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

• - http://www.microsoft...n/ms09-005.mspx
• Maximum Severity Rating: Important
• Vulnerability Impact: Remote Code Execution
• Restart Requirement: May require restart
• Affected Software: Microsoft Office

[octoberasian]

Adobe Acrobat/PDF file Vulnerability

Source: http://www.adobe.com.../apsa09-01.html

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

A new vulnerability in PDF (portable document format) files was discovered on February 20, 2009. Opening a PDF file infected with the exploit will cause your system to lock up and allow another person access to your computer and take control over it.

It is imperative to stop using Adobe PDF Viewer and including Adobe Acrobat.

Temporary solutions are the following:

• Use an alternate PDF viewer.
  • Foxit PDF Viewer: http://www.foxitsoft...df/rd_intro.php
    • Includes a plug-in to view it in Firefox and Internet Explorer
  • PDF X-change Viewer: http://www.docu-trac...ols/pdfx_viewer
  • Sumatra PDF Viewer: http://blog.kowalczy...apdf/index.html
• Disable Acrobat Javascript in Adobe Viewer/Acrobat:
  • Open Adobe Acrobat Viewer or Adobe Acrobat.
  • Go to Edit > Preferences...
  • Select Javascript.
  • Uncheck "Enable Acrobat Javascript."
  • Click OK and exit the program.

REMEMBER:

These are only temporary fixes. It is unknown at this time that other PDF viewers are affected. The reason being is that the PDF file is the one carrying the exploit.

Adobe won't be adding a fix to the Viewer or Acrobat until March 11, 2009.

Antivirus, antispyware, and antimalware programs will be updated as well or have already have had their definitions updated.

Until then, it is advised to not open any PDF file for now. Even recommended is to not open the PDF file in Internet Explorer or in a standalone Adobe PDF Viewer.

[Corrderio]

WTF.....

[octoberasian]

WTF.....

Someone I know got hacked a week ago and seeing that this vulnerability was found back in February, I have a sinking feeling this may be the culprit.

The reason being is that the previous exploits above should be fixed by now if the person has been keeping their software and OS updated.

For now, avoid opening PDF files. I use it often for work whenever I have to make PDF documents. But, if you are downloading PDF files from places you have a suspicious feeling about, just don't download it at all.

PDF files also encompass eBooks if you are the kind person that uses them. eBooks also come in other file formats but those shouldn't be affected. However, those that do use PDF format for eBooks, just be weary about them especially if you get "free" eBooks from *cough*torrents*cough* or other P2P services.

[Corrderio]

I see, but man that's messed up... why can't Adobe just make Acrobat offline only.

[octoberasian]

Adobe Acrobat Viewer & Acrobat Update

Both Acrobat Viewer and Acrobat have been updated to version 9.1.

You may download the update here:
http://www.adobe.com.../apsb09-03.html

Direct downloads here:

Adobe Reader

Adobe recommends Adobe Reader users update to Adobe Reader 9.1, available here:
http://get.adobe.com/reader/

Acrobat 9

Adobe recommends Acrobat 9 Standard and Acrobat 9 Pro users on Windows update to Acrobat 9.1, available at the following URLs:
http://www.adobe.com....jsp?ftpID=4375
http://www.adobe.com....jsp?ftpID=4382

Adobe recommends Acrobat 9 Pro Extended users on Windows update to Acrobat 9.1, available here:
http://www.adobe.com....jsp?ftpID=4381

Adobe recommends Acrobat 9 Pro users on Macintosh update to Acrobat 9.1, available here:
http://www.adobe.com....jsp?ftpID=4374

The updates are large and I highly recommend you use something like Free Download Manager to download them.

Security Bulletin Notes:

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

The following PDF readers have also been updated if you use something other than Acrobat Viewer:

Foxit PDF Reader - Version 3.0 Build 1506: http://www.foxitsoft...terstitial.html

Sumatra PDF Viewer - Not updated. Refrain from using. Possibly not affected, however.


PDF X-Change Viewer - Not updated. Refrain from using. Possibly not affected, however.

[octoberasian]

Adobe Flash Player Update

Another vulnerability was found in Adobe Flash Player. The update was issued February 24, 2009.

Summary of the vulnerability:

"A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. Additional vulnerabilities have been addressed in this update. Adobe recommends users update to the most current version of Flash Player available for their platform."

Source: http://www.adobe.com.../apsb09-01.html

Please update Adobe Flash Player to the newest version: 10.0.22.87 .

Update can be found here: http://get.adobe.com/flashplayer

[Corrderio]

Wow... Adobe has exploits left and right

[octoberasian]

The mass hackings last year were related to a Flash/iFrame exploit.

And here we are again a year later and another Flash vulnerability. Then, shortly after, another one found in Adobe PDF files.

Good job Adobe! Several more and you might rank up there with Microsoft. ~_^)b

However, Adobe is pretty diligent with these updates and security patches. Microsoft has gotten better over the years but not as much.

I'm hoping Windows 7 trumps Vista, not only in reliability but security.