Posted by rglullis 1 hour ago

Adobe modifies hosts file to detect whether Creative Cloud is installed (www.osnews.com)
104 points | 48 comments
psyclobe 2 minutes ago
The most difficult of tasks is trying to uninstall this pos app on Windows.
matsemann 41 minutes ago
Oh well, as a teenager, blocking Adobe servers in hosts file was how you got to "phone activation" and could generate a code. So I guess we're even, heh.
lousken 1 hour ago
How is Defender not flagging this? Changing hosts file should raise alarms
Asmod4n 56 minutes ago
Defender warns you this happened.
xattt 57 minutes ago
Can this not be blocked with file permissions? Or a symlink to a file in a ro folder?
SoftTalker 18 minutes ago
Most software installers demand to be run as root/Administrator.

The fact that this is largely seen as acceptable or even sensible is rather silly in this day and age.

hypeatei 38 minutes ago
Most users won't care, especially if the Adobe installer warns them that a security warning might pop up after installation. Besides, in practice, any malware editing the hosts file isn't going to get much because of HTTPS; one cannot simply redirect "google.com" traffic to their own IP without issue.
raverbashing 1 hour ago
I wonder how this works on Windows, if any service overrides/resets it
gjsman-1000 1 hour ago
The hosts file is not sacred on Windows. Anyone who is administrator can just edit it. I've done it to add domain names to localhost.

For anyone hand-wringing over this, this used to be normal. The hosts file was invented a decade before DNS. The end user, or app, would edit their hosts file purposefully after downloading a master copy from the Stanford Research Institute which was occasionally updated.

jacobgkau 1 hour ago
> For anyone hand-wringing over this, this used to be normal.

People editing hosts files for other reasons was normal (a long time ago-- and it stopped being normal for valid reasons, as tech evolved and the shortcomings of that system were solved). A program automatically editing the hosts file and its website using that to detect information about the website visitor is not the same thing; that usage is novel and was never "normal."

wtallis 48 minutes ago
In particular, manually editing the hosts file was a mostly-obsolete practice by the time the first version of Windows shipped, and certainly by the time Windows actually had a built-in networking stack. And it was always a red flag for a local app to mess with the hosts file.
anvuong 16 minutes ago
Obsolete? My team has an onboard document that spells out lines that needed to be added to host file so they can access internal resources. These are machines directly bought/rented and maintained by the team, so we prefer to use host files instead of going through the company DNS, which is maintained by an entirely different team.
jeffbee 37 minutes ago
> manually editing the hosts file was a mostly-obsolete practice by the time the first version of Windows shipped

This claim strikes me as obviously wrong.

1bpp 9 minutes ago
I owe thousands of dollars to amtlib.dll.
Dwedit 24 minutes ago
Browsers could still do something about mixed Internet and LAN/Localhost requests by IP address regardless of the domain name.
SahAssar 21 minutes ago
This does not request a local/LAN file, it's a remote server but without any DNS entry unless the hosts file entry is present.
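
The pattern described above (a hosts entry pinning a name to a remote server that has no DNS record) can be audited for. This added example, which is not part of the thread or from any commenter, parses a hosts file, compares it with a saved baseline, and reports new entries that point a hostname at a non-local address; the sample hostnames and addresses are constructed placeholders, and `remote_pins`, `classify` and `LAN_NETS` are names chosen for this example.

```python
import ipaddress

# Address ranges treated as LAN-scoped (RFC 1918, link-local, IPv6 ULA).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def classify(addr):
    """Return 'local', 'lan' or 'remote' for a hosts-file address field."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.is_loopback or ip.is_unspecified:
        return "local"  # 127.0.0.1, ::1, and 0.0.0.0-style sinkholes
    if any(ip.version == n.version and ip in n for n in LAN_NETS):
        return "lan"
    return "remote"

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may carry several names
            yield fields[0], name.lower()

def remote_pins(text, baseline=""):
    """Entries absent from the baseline that pin a name to a remote address."""
    known = set(parse_hosts(baseline))
    return sorted((addr, name) for addr, name in set(parse_hosts(text)) - known
                  if classify(addr) == "remote")

# Constructed sample: placeholder names and documentation-range addresses.
BASELINE = "127.0.0.1 localhost\n::1 localhost\n"
CURRENT = BASELINE + (
    "0.0.0.0 ads.example.test   # user-added sinkhole\n"
    "192.168.1.20 nas.example.test\n"
    "203.0.113.10 marker.example.test probe.example.test  # added by an installer\n")

if __name__ == "__main__":
    for addr, name in remote_pins(CURRENT, BASELINE):
        print(f"new remote pin: {name} -> {addr}")
```

To run it against a real machine, read the text from `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts` and keep a copy taken before the installation as the baseline.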
Terr_ 1 hour ago
Recycling a comment from prior discussion (4 days, 68 points, 13 comments): https://news.ycombinator.com/item?id=47617463

_______

Oh helllll no. Let's imagine an analogy for Adobe leadership:

1. You hired a night janitor to clean and vacuum your executive offices.

2. That janitor secretly stops at every desk-phone to alter the settings of voicemail accounts.

3. After the change, any external caller can dial a certain sequence to get a message of "Yes, this office was serviced by Adobe Janitorial!"

What's your reaction when you discover it? Do you chuckle and say something like "boys will be boys"? No! You have a panic-call, Facilities revokes access, IT starts checking for other unauthorized surprises, HR looks into terminating contracts, and Legal advises whether you need to pursue data-breach notifications or lawsuits or criminal charges.

* Is it acceptable because they had some permission to touch objects in the rooms? No.

* Is it acceptable because the final effect is innocuous? No.

* Is it acceptable because the employment contract had some vague sentence about "enhancing office communication experiences"? No.

* Is it acceptable if they were just dumb instead of malicious? No.

No person that would blithely cross those lines can be trusted near your stuff, full-stop.

jacobgkau 1 hour ago
To be fair, your analogy has one flaw:

> 3. After the change, any external caller can dial a certain sequence to get a message of "Yes, this office was serviced by Adobe Janitorial!"

Theoretically, it's not "any external caller." Only the janitor's department calling in can dial that sequence and get "Yes, you serviced this office!" If anyone else tries to dial the extension, the desk-phone pretends it doesn't know what it means. (Because it seems Adobe's server serving the analytics image checks the request origin and only serves the image if the origin is Adobe's own website.)

The origin "security" doesn't excuse the complexity and the potential for both exploits and human-error breakage in the future.

gray_-_wolf 23 minutes ago
> Only the janitor's department calling in can dial that sequence

Is this the case though? Cannot any website use the same trick Adobe does to check whether you have Creative Cloud installed? Like, the entries in /etc/hosts are not magically scoped to work just on Adobe's web, no?

nashashmi 32 minutes ago
So can I fool the website that I have CC installed?
vondur 1 hour ago
If you don't like Adobe modifying your hosts file then I'd not use them. The checking for the software this way is kinda interesting though.
dlev_pika 1 hour ago
I wonder how many Adobe users are aware of this sketchy behavior tho
tonyedgecombe 59 minutes ago
My guess is most Adobe users have no idea there is a hosts file nor what it does.
OptionOfT 49 minutes ago
Can't even reproduce it when setting location to Belgium, or CA or AZ.

I must be missing something.

ramon156 1 hour ago
To be fair, to crack all Adobe products requires a few reg keys. It's wild that they have just given up on pirates.
snapcaster 1 hour ago
They don't want to be too hard on piracy, it's their new/young user on-ramp method
kenhwang 26 minutes ago
Also a lot of recent features are AI related and rely on talking to Adobe servers, which would require a valid subscription. They're probably betting the AI features are valuable enough that local only pirated copies aren't a threat long term.