Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Adobe Systems: How NOT to do demo security

From: Dave Farber <dave () farber net>
Date: Thu, 04 Dec 2003 10:43:10 -0500


Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Wed, 03 Dec 2003 12:46:37 -0800 (PST)
From: Lauren Weinstein <lauren () vortex com>
Subject: Adobe Systems: How NOT to do demo security
To: dave () farber net
Cc: lauren () vortex coma.


Dave,

With so many software firms offering "demo" versions of their
packages these days, I wanted to pass along this example of
how *not* to do demo security.

I was recently asked to evaluate for review the latest version
of Adobe Systems' "Premiere" video editing package ("Premiere Pro").
My last contact with Premiere is my registered copy of their
old Premiere 4.2 package.  Installing their supposedly almost
full-featured 30 day demo seemed like a reasonable alternative
to a full upgrade which I couldn't justify buying at this point.

For a few hours, I had a glimpse of what looked to be a fine
product.  Unfortunately, at that point I noticed that an NTP
server problem had thrown off the clock on the installed system.
So I set the clock back to the correct value.  Big mistake.

The Premiere Pro demo immediately declared its 30 day usage period
had expired -- only 29 days ahead of schedule!  Since the demo
had apparently scribbled "who knows what" around the system and
registry, attempts to clear the problem or reinstall the demo
of course failed.

Adobe's response?  "You're out of luck!"  Their suggestions
were to try install on a different machine (I don't have another
suitably configured XP system available) or "reformat your disk"
(uh, I don't think so...)

It is certainly expected that the security modules of demo packages would
take reasonable steps to avoid demo abuse.  But when a minor clock
correction triggers a demo's "self-destruct" mechanism (and of course,
there were no prior warnings about this) it at least suggests poor design,
and Adobe's response suggests a less than enlightened view of customer
relations.  So it looks like Premiere Pro will remain a question mark
to me for now!

If you're going to provide demos, at least do it right.

--Lauren--
Lauren Weinstein
lauren () pfir org or lauren () vortex com or lauren () privacyforum org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
                     Cooperation and Analysis - http://www.uriica.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy


-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: