Old & new – software gets bloated, ergo less secure

I stumbled upon this little gem while doing tech support for a friend’s PC.

[Image: Adobe Acrobat Reader old and new version sizes]

This is from the “Add/Remove Programs” utility of the Control Panel of Windows XP. My friend’s offence was installing an old Corel application that she purchased years ago to do minor Desktop Publishing (DTP). She installed with the default options (as everyone does), which gave her an ancient version of Adobe’s PDF reader (which she never requested) on the side.

As it happens, the ancient PDF reader took over from the latest & greatest PDF reader, so all PDFs were opening with the old reader, which of course broke some things (embedded images not displayed correctly, etc.). But I digress.

I was awe-struck by the obvious comparison in sizes between the two versions of the software. At version 3 of this PDF reader, 5MB were sufficient to get the job done. Nowadays (at version 9) it takes a whopping 211MB!

(Of course, they also push more code from other people down your throat during the download (nowadays it’s Google Toolbar), unless you explicitly say you don’t want it.)

Is it possible, even thinkable, that one needs 200+MB of software to read a PDF? (Yeah, it has other features as well – no, 99.9% of people never use them.)

There are two major problems here:

1. More code = more mistakes. One of the basic principles of security is simplicity. A 200+MB PDF reader will be a complicated, huge piece of software. If there are 5 million lines of code in there, the probability of having a critical security bug will be many times higher than for a piece of software with 5,000 lines of code.

2. More updates = users become numb. How many times will this huge piece of software need to be updated in a year? Very often, as it turns out. This annoys users, increases their workload (time, bandwidth, restart required (!!), etc.) and pushes them to just ignore the constant updates, throw up their hands at the whole updating business (Windows, antivirus, browsers, plugins, Adobe, media players, etc. – where do you stop?) and get on with their work.

All the bloat Adobe has blessed its PDF reader software with can only result in worse security for everyone.