Adobe Zero Day Flaw

"Adobe has alerted users to a zero day flaw in its PDF and Reader formats and has said it is already being exploited by malware writers.
The company has issued an alert and said it will release a patch for the flaw on Tuesday. In the meantime users are advised to disable JavaScript, although Adobe warned this may not be a complete solution."

“Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.”

So, it should be common sense to keep your antivirus up to date, but it is surprising how often I talk with people who say that they don't. As an IT guy, I really can't stress how important it is to keep your Antivirus current. In a later post I will be describing the differences between an Antivirus suite and an Internet Security Suite. Most people believe that they are perfectly protected and safe with just Antivirus. However, they really need to understand the added benefits of a firewall. Well, like I said, that will come later.

As for this flaw, I'm glad that Adobe is aware of it and making it's users aware. "Security through Obscurity is Never the Answer." This is a very important thing for companies to realize. Obscuring security flaws leads to a false sense of security for the company and for the end users.