graeme_p
msg:4060843 | 6:32 pm on Jan 14, 2010 (gmt 0) |
Do many Mac users use Acrobat reader rather than the default MacOS X one? It seems, yet again, the lesson is to avoid Acrobat.
|
levo
msg:4060867 | 6:52 pm on Jan 14, 2010 (gmt 0) |
I'm using default one (Preview).
|
incrediBILL
msg:4060872 | 6:59 pm on Jan 14, 2010 (gmt 0) |
| the UPDATE.CAB file drops another executable that injects a DLL into Internet Explorer |
|
| It seems, yet again, the lesson is to avoid Acrobat. |
|
No, the lesson is and always has been: 1. Don't open files from unknown senders
2. Beware files on untrusted sites
3. Disable javascript except on whitelisted sites
4. Avoid Internet Explorer as much as possible
|
vordmeister
msg:4060920 | 7:54 pm on Jan 14, 2010 (gmt 0) |
There's a thing to disable Javascript in PDF readers (I've never figured out why it would be useful to have javascript in something that is essentially a printer friendly format). Please someone mention how to do it - I've forgotten, and it's not disabled as default.
|
Robert Charlton
msg:4060931 | 8:25 pm on Jan 14, 2010 (gmt 0) |
If you do update your current Adobe Reader, be aware that on the Adobe Reader download page, the additional download of McAfee Security Scan is on by default. Be sure to uncheck that box if you don't want McAfee to self-install. Shame on Adobe for setting it up this way.
|
dreamcatcher
msg:4060943 | 8:36 pm on Jan 14, 2010 (gmt 0) |
Haven`t used Adobe Reader for years. I`ll let a few friends know though. dc
|
travelin cat
msg:4060961 | 8:59 pm on Jan 14, 2010 (gmt 0) |
For those Mac users that have Acrobat Pro, here is a tip to force all .pdf files to open with it rather then either Preview or Acrobat Reader: Control click on any .pdf file
Choose "Open With"
Scroll to the bottom of the list and choose "Other..."
Click on the check box in the bottom of the window that says "Always Open With"
Navigate to your Application folder and click on Adobe Acrobat Professional. From this point on, every .pdf file will be opened with Acrobat Pro
|
travelin cat
msg:4060967 | 9:03 pm on Jan 14, 2010 (gmt 0) |
vordmeister, To disable JavaScript: File -> Preferences
Under Categories, click on JavaScript
To the right, uncheck the box next to "Enable Acrobat JavaScript"
|
oddsod
msg:4060984 | 9:21 pm on Jan 14, 2010 (gmt 0) |
It seems it's only an Adobe problem and doesn't affect Foxit users. This is probably a good time to make the switch.
|
sgietz
msg:4060994 | 9:29 pm on Jan 14, 2010 (gmt 0) |
The PDFs of today are essentially no different from years ago, so why has the reader gotten so damn bloated? I install ONE Adobe product, and suddenly my programs menu has 5-6 other apps I never asked for. Adobe makes industry standard software in many design/publishing areas. I wonder how much longer they can ride that wave before people scream and holler for an alternative and possibly settle for a lesser product just to get away from them.
|
timster
msg:4061018 | 10:12 pm on Jan 14, 2010 (gmt 0) |
I searched my disk on my MacBook and was surprised to see Adobe Reader. I don't think I downloaded it deliberately. It had never been launched. Deleted it. There are some PDF's out there that have nifty interactive forms, that put JavaScript to good use. Adobe competes with Word forms that way. But Preview is enough for me.
|
jomaxx
msg:4061048 | 10:50 pm on Jan 14, 2010 (gmt 0) |
I second the motion to disable Javascript. I did this last summer when I got stung by a bug, and that has helped me avoid several scares since. My gut tells me there are lots more vulnerabilities that will only be patched after exploits are already in the wild. This is 100% on Adobe, who released a shoddy and insecure Javascript engine where no normal person would want or expect it to exist anyway. Their entire reader is a sad joke that a decade later still brings my computer to a crawl when I have to load a .PDF document, but that's another thread.
|
frontpage
msg:4061079 | 12:00 am on Jan 15, 2010 (gmt 0) |
Who still uses Internet Explorer and Adobe Reader? That's so 1999.
|
engine
msg:4061250 | 9:13 am on Jan 15, 2010 (gmt 0) |
Besides the fact that Adobe Reader is hugely bloated, please don't miss the point that these compromised PDFs are the problem, and, we don't know how it might sit on your system until accidentally opened or sent on to someone else. Good advice from incrediBILL, thanks.
|
graeme_p
msg:4061293 | 11:30 am on Jan 15, 2010 (gmt 0) |
1. Don't open files from unknown senders
2. Beware files on untrusted sites
3. Disable javascript except on whitelisted sites
4. Avoid Internet Explorer as much as possible
|
|
I agree, but Acrobat seems to be to PDF, what IE is to HTML. After all, every time we visit an untrusted site, our web browsers are opening files from it, and we expect
then to be secure. | (I've never figured out why it would be useful to have javascript in something that is essentially a printer friendly format). |
|
Forms. Some of the other readers are implementing Javascript because otherwise they cannot replace Acrobat Reader in some environments.
|
jomaxx
msg:4061602 | 7:36 pm on Jan 15, 2010 (gmt 0) |
That just begs the question of why PDF documents need the ability to submit forms in the first place. Or why the forms need to be validated by Javascript, which is a process easily circumvented anyway. But anyway, it's in there and it'll be years before most people have updated to a more secure release.
|
incrediBILL
msg:4061698 | 10:01 pm on Jan 15, 2010 (gmt 0) |
After all, every time we visit an untrusted site, our web browsers are opening files from it, and we expect
then to be secure. |
|
No, I never expect an untrusted site to be secure, that's why it's called UNTRUSTED. Considering the large quantity of hacked sites on shared services, approaching them as anything but potentially hostile is a bad idea. That's why many of us surf with javascript and other features disabled unless it's whitelisted. The internet is no different than the real world, you never know what kind of neighborhood you're in until you get car jacked (or worse) and by then it's too late so be careful.
|
|
