OCS banner and logo
Keeping clients' computers safe and profitable for over 25 years



Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category


powered by pmc2m

 

Adobe Acrobat Security Issues

I've been moving my clients away from Adobe Acrobat as a pdf reader for a long time. You can check out my article about better alternative viewers from October of 2007.  I have settled on PDF-Xchange viewer and haven't had Adobe Acrobat Reader on my computer in over a year. This viewer fully integrates with Firefox and IE and has many advantages over Adobe's reader. It is smaller, faster, much better with many great features including being able to edit documents and fill in forms and it is much safer. Once I ran into a site that presented forms, not in pdf but in Forms Document Format (FDF) which is supported by Adobe but not PDF Xchange or Foxit. I refused to deal with it, but you may not have that choice.

The safety factor is important as Adobe has surpassed Microsoft as the biggest target for malware. According to ScanSafe of San Bruno, Calif., vulnerabilities in Adobe's Reader and other Adobe applications were the most frequently targeted of any software during 2009. They logged 107 distinct vulnerabilities during 2009, with a rising number of  vulnerabilities each quarter.

The company makes lots of bizarre decisions that frustrate those concerned with security. For example, they have included Javascript support inside their PDF reader and it is turned on be default. Thus, a large security issue is opened without any usefulness for 99.99% of users. It is possible that in some corporate setting, an Intranet could make use of this feature and I did hear of one that did, but for the rest of us it is exposure without benefit.

Therefore, if you don't replace the reader entirely, in which case you can uninstall it, you should disable JavaScript.

 

  • Open Adobe Reader
  • Pull down the Edit menu
  • Select Preferences
  • On left side list choose the JavaScript category
  • Uncheck Enable Acrobat JavaScript

If you keep it, expect to update it with security patches about once every 60 days.

 



Date: March 2010


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 
  Please direct questions/suggestions about website to the webmaster