Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Friday, February 20, 2009

Adobe Gets Sloppy and You're at Risk.

Do you remember a time when you knew your personal computer was safe from infiltration? There was a time when the only danger was from inserting a strange floppy disk. Nowadays, if you’re connected to the Internet, every day brings a new threat.


This week’s big vulnerability announcement comes from Adobe and affects their Acrobat and Adobe Reader programs.

“This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009”

Now, I’m an Adobe user, and aside from their overzealous startup habits, I’m a fan of Photoshop and the universal PDF format. Still, I’m having a hard time understanding how anyone could still release any code that is vulnerable to a buffer overflow attack. The technology and programming libraries exist so that only a programmer from the dark ages should allow this kind of behavior.

I don’t claim to be a perfect programmer, but a company as big as Adobe should have a whole crew implementing best practices for their development team.
This is incredibly sloppy and I just don’t get it.


To make matters even worse, Adobe provides no guidance on how to prevent attacks. My advice is to disable any Adobe Reader on your system.
If you’re a WinPatrol user, click on the ActiveX tab and sort by company name to find your Adobe components. Select the Acrobat Reader and click on Disable.


If you’re not a WinPatrol user, you can protect yourself by opening up Acrobat or Adobe Reader and disabling JavaScript from within that application. You should find it under the Edit menu -> Preferences. You can uncheck the box in front of “Enable Acrobat Javascript”.


It may also be time to replace your default PDF file reader with a new one. I’m sure some of my readers can comment on what they find is the best alternate for Acrobat, so stop back for more information.




12 Comments:

Blogger Jonathan Arnold said...

I like Foxit Reader as a lite PDF reader: http://www.foxitsoftware.com/pdf/rd_intro.php

6:18 PM  
Blogger Janet Roth said...

I've been using PDF-Xchange Viewer by Tracker Software Products, and I quite like it.

The free version lets you add notes and other mods in various ways, fill in forms, etc etc.

It also starts up much faster than the Adobe Reader.

6:56 PM  
Anonymous Anonymous said...

I dumped Adobe a while back, partly due to security reasons, and partly because of Adobe's bloat and insistence on adding a startup updater.

Foxit is a fast, lightweight reader that does everything I need a PDF reader to do.

But, beware. The latest Foxit version attempts to install a "Foxit Toolbar" which is really the Ask Toolbar (pre-checked), and also attempts to make Ask your default search engine (yeech!)

While I really like Foxit, I despise the attempt at installing the vile Ask Toolbar...so I'll be on the lookout for a Foxit replacement, soon.

-Brian (AKA The Dean)

10:03 PM  
Blogger trapspam honeypot said...

I have already disabled Javascript for Acrobat. Shame, as I use Acrobat Pro all the time to generate documents that are portable to all.

George

11:26 PM  
Anonymous Anonymous said...

I second Foxit. Been using it for over a year instead of Adobe.

6:20 AM  
Blogger Unknown said...

Another vote for Foxit. For some reason I couldn't get Adobe reader to work with Firefox.

4:15 PM  
Blogger Cd-MaN said...

This comment has been removed by a blog administrator.

3:57 AM  
Anonymous Anonymous said...

This comment has been removed by a blog administrator.

2:14 PM  
Blogger Jonathan Arnold said...

Yeah, I just installed FoxIt for the first time in ages and was appalled at all the extra garbage it tried to install. I would have to withdraw my personal recommendation for it. It was truly ugly.

2:57 PM  
Blogger Unknown said...

Hmm... A comment together with a question:
I see Adobe Reader 8.1.3 as installed on my system, but I can't follow Bill's advice: when using WinPatrol/tab ActiveX/ there is no entry listed for Adobe Reader!? I'm confused, why not?

5:33 AM  
Anonymous Anonymous said...

Georges, I use 8.1.2 and couldn't find an ActiveX for it, but I did find a setting that Bill mentioned for scripting that was active, so I disabled that.

I never open a PDF in my browser. I always save on desktop and scan with AV and Spybot and Malwarebytes. Don't know if this will catch this vulnerability. Does anyone know?

12:41 PM  
Anonymous Anonymous said...

I'd have to go with Foxit reader as well since you can run the .exe file off of a usb stick and not even have it actually installed. Works slick.

Corey

12:48 AM  
