In contrast, version 4 of the Foxit PDF reader has 15 different categories of preferences, most with more than one option. To illustrate how feature-free Sumatra is, the screen shot below shows the available configuration options, all six of them. Updates do not require a re-boot of the operating system Unlike the Adobe Reader, it does not install software that runs when Windows bootsĨ. It is available in two portable editions and a normally installed editionħ. It's not popular so there is little reason for bad guys to find and target bugs in the software.ĥ. Less code makes for a smaller attack surface.Ģ. For example, SumatraPDF does not support either JavaScript or Flash. Windows users have an excellent option, the SumatraPDF viewer.ġ. But the problem is bigger than JavaScript.* The problem is bloated, buggy, popular software. The malicious PDF in question started out by exploiting JavaScript, so a knee-jerk reaction is to disable JavaScript in your PDF viewer. By using a number of utilities, we are able to reverse engineer the techniques in malicious PDFs, providing insight that we can ultimately use to better protect our systems. Because PDFs have so many "features," hackers have learned how to hide attacks deep under the surface. PDFs are widely used business file format, which makes them a common target for malware attacks. It's one thing to read about malicious PDFs, but quite another to see one up close and personal. The author, a security researcher, offered a step by step dissection of a malicious PDF file. This was illustrated last month in an article, Anatomy of a PDF Hack, by Tomer Bitton. Without question, if someone emails you a PDF file, opening it in the Adobe Reader is a Defensive Computing mistake. But, fairness is not my priority, Defensive Computing is.Īnd, the Adobe Reader has a third strike against it: a long history of security vulnerabilities. This is not fair to Adobe any more than avoiding Internet Explorer is fair to Microsoft. You are therefore, safer as a lesser target. For example, the Adobe Reader includes Flash, an accident waiting to happen if there ever was one.Īny popular application is always going to be targeted by bad guys as it offers the most bang for the buck. The more code, the larger the attack surface. It's a huge download because it has every feature ever invented. The epitome of bloated popular software is probably the Adobe PDF Reader.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |