06/11/2012

Could Adobe be Setting A Bad Precedent?

We’re used to it now aren’t we? We pay almost $9 per gallon of “filtered” drinking water in a 20 ounce bottle. We pay for checked bags and snacks on an airplane. Everywhere, things that used to be free, now cost money. We may grumble, but we pay anyway.

So should we be shocked when a software giant says we need to pay for critical security fixes? For those who haven’t heard, Adobe, after identifying critical vulnerabilities in Photoshop 5, and Illustrator and Flash Professional 5.5, announced that they would only be providing the fixes in version 6. Users of older versions of software will need to upgrade to Creative Suite 6 (CS 6) at a minimum cost of $375 in order to keep their system safe.

Consumers and experts are outraged. The previous version, CS 5 is only a couple of years old. Hardly beyond what most would consider an active lifecycle for software. But does the outrage matter? When airlines first started charging for checked bags people complained. When they took away free snacks people complained. In the case of the airlines they won on the checked bags, but most lost with the free snacks. You can still get a free soda and a miniscule bag of nuts when you fly.

But in the case of Adobe, it isn’t just personal expense at stake. The vulnerabilities identified will let hackers take control of the infected system. While that’s bad news for the system owner, it could also mean bad news for everyone on the internet. Imagine all the infected systems being used for DoS, or another huge botnet that needs to be rooted out. If the lack of patching leads to a broader issue, will it be Adobe’s fault or the users that didn’t upgrade?

If the user’s balk at the upgrade fee, will they flock to open source solutions instead? Could Adobe ultimately pay a higher price for forcing the user’s hands?

If that happens, then the move by Adobe ends up as a really bad PR move. But if it doesn’t, and users capitulate it may be the start of a new precedent that we’ll all just have to accept.

Would you pay hundreds of dollars to update your software, or find an alternative?