now that adobe has moved their adobe air runtime and api environment to my system whether I like it or not.

I am concerned that this is a new system vulnerability and I hope you say symantec has it covered.

my problem with it is that adobe wants to be a certificate authority for the adobe developers and ISVs coming on board with their platform.  there is no way adobe as a corporation is going to be as solid certificate authority as if my certs are coming in the normal way from microsoft (i.e.. there are well known CAs for commercial and government systems). an adobe CA's purpose is to have a handshake with the system with a commercial vendor writing to their platform.  that is not the same as a real certificate authority who has a different role to play within the market place.

so given we are hanging out there with adobe air and adobe being a CA.  it seems to me that certificates may be forged and these commercial vendors that are coming on line early may not be able to police their own certificates.  that means system penetration.

what can you guys do...with this platform security problem.  I imagine you could develop special heuristics related to adobe and adobe air.  seems to me without any security and the fact I have their platform (runtime and api) on my system, then anyone with the SDK and commercial cert from adobe could have fun with my system.

is this the case?  just checking..