Another Reason NOT to Use Adobe Reader

[Steve - WB3HUZ]

http://www.theregister.co.uk/2010/03/09/adobe_reader_attacks/

[ka3zlr]

Great,.. Targeting Financial Institutions...Good thats' nice...

The whole computing world comes with some of this stuff wrapped up in the bundle...that's Great.

My new Dell laptop here installed it when I fired it up.

Nice. How do we fix this problem Huzman...you brought it up. How is the door shut, does uninstalling shut it. updates
 patches what. What all does it leave in the Registry..?

73
Jack

[W1AEX]

The Adobe Reader seems to be getting a lot of attention from the malware thugs who probe for exploits continuously. To insulate yourself from the most obvious exploit path:

From within the Adobe Reader, go to preferences, then JavaScript, and uncheck "Enable Acrobat JavaScript". Personally, I have never run into a PDF file that needed JavaScript enabled for any reason, so the default setting of "enabled" is an extremely dubious preference installed by Adobe. If for some reason, you encounter a PDF file that requires JavaScript, be suspicious.

A security forum that I belong to recommends that users NOT allow the Adobe Reader to hook into whatever browser you use through a plug-in. Instead, set your browser to open up PDF documents in the stand-alone version of the Adobe Reader, and use your firewall to prevent the Adobe Reader from inbound or outbound access to your internet connection. That generally offers a very high degree of immunity to any Adobe Reader exploits.

Note that this will also require that you update the Adobe Reader manually now and then, since it can't call home anymore. That only entails using "Check for Updates" in the "Help" menu after temporarily allowing it permission to pass through your firewall.

[ka3zlr]

Thank You for the answer, much obliged.

73
Jack

[Steve - WB3HUZ]

If you are just using Adobe Reader to read docs, Javascript is not required. It may be required to fill out forms. There are many other PDF readers out there. You may want to give them a try. Most run much faster than Abobe's too.

[Sam KS2AM]

Adobe releases updates to the reader on a regular basis and these updates include security fixes, bug fixes, enhancements, etc. The current release of Adobe Reader can be configured check for these updates once a week, or you can manually check for updates.  (via Help --> Check for updates).   Between this and up-to-date AV protection that you should be running on your PC, its extremely unlikely that you would ever run into an issue with a pdf file, especially from a reputable source.
On the other hand if you do not keep software such as the Adobe Reader, Windows, your AV package, etc up to date on a regular basis you are partially if not substantially to blame for related problems that you run into.


Latest release of Adobe Reader is here: http://get.adobe.com/reader/?promoid=BUIGO


Sam / KS2AM

[Ed/KB1HYS]

Is this also part of the Flash-cookie bug?  or is that an altogether different problem?

[k4kyv]

There are many other PDF readers out there. You may want to give them a try. Most run much faster than Abobe's too.

I have used Foxit Reader for a couple of years now.  Not only is it faster, it scrolls less erratically and doesn't cause my computer to crash like Adobe always did.

[ka3zlr]

Welp we downloaded the Foxit an installed it, we'll see what happens.

73
Jack

[Opcom]

I love the fearmonger-lies that such programs as adobe reader spout: something like "this document might not display properly (unless you upgrade..)" and "you have to upgrade to use all the features..." well the heck with it.

I do not trust adobe any more since flash cookies were exposed. I use acrobat 5 and reader 7 with everything turned off. They may not access the internet, and that is enforced by a firewall. and their little installers and bibble babble too. Same goes for many, many programs here. The PC runs way faster without all that overhead. It is amazing how fast since I recently removed all the java, updating, etc ad nauseam. Who needs it?? Only the avast antivirus and zonealarm firewall are permitted to be updated, after they ask.  Noscript rides shotgun on the browser, and when a normally non-downloadable object is shown like a pdf or flash object, sometimes I can download it and run it locally.

There is, or was, a concept known as "freezing". It is when the thing works like you want, you set it in stone, and you don't randomly change things (or allow others to). I guess that has been forgotten with all the spyware, control-ware, tracking-ware, toolbars, flash cookies, "this is free" crap.. that now inundate and waste cycles on most computers. I gained even more speed by dumping most plugins. I just don't need them. Many older varios are just fine. Versions made before so many overhead-sucking "features" were added.

A recent cleanup used ccleaner, and unwanted crap can be found and examined by winpatrol. I have not detected those free useful programs doing anything untoward.

[K3ZS]

When I found out about flash cookies on amfone.net, I went to the adobe site to shut them off.   However, a few of my favorite internet radio sites stopped working, mainly pandora.com and radio.com.   I reluctantly turned the cookies back on.   I use a netbook computer as an audio component on my stereo.

[W1AEX]

It's getting more and more interesting out here in the internet wilds. I play the game much like Opcom. Using free software, including Thunderbird for mail and Firefox for web, with the NoScript and AdBlock plugins, along with Kerio, SWB, AVAST 5, and Malware Bytes I cruise trouble-free, without worries or hassle. I also use limited user accounts for normal computer activities. However, lest I be labeled as smug, I do make a fresh Acronis disk image now and then, just in case...

[w5hro]

Adobe PDF format is great!

The thing you have to watch out for is when people embed stuff within the documents. It wont matter if you using Adobe Reader of Foxit Reader, etc. when you open the documents.

Attached below is a screen shot I just took of one of my docs on AM Forever after running the 'Examine' feature in the Acrobat Pro version. Whenever I download a pdf document I always run this and delete the junk. There will often be stuff embedded that sites use to track the usage of those documents. It’s sort of like tracking cookies, which are usually harmless.

It really doesn’t matter if the document is in Word, Open Office, or Adobe PDF format. There are always ways people can hide stuff within all of those formats. That’s why when using a Windows box always have a good virus scan program installed like Symantec to stop anything the tries to run when you open the documents. Either that or just “Get A Mac”