Security watchers are warning of a serious unpatched vulnerability in Adobe's Reader program that's actively being exploited to install malware on the PCs of unsuspecting users. The vulnerability has been confirmed in versions 8.1.3 and 9.0.0 of Adobe Reader running on Windows XP Service Pack 3 and is presumed to work on other …
I have been using xpdf and kghostview for years - in part because of Adobe's history of security problems, but mostly because the open source alternatives had more useful features. I recently switched to kpdf because it is even better than the other two. All of these are Unix programs, but a quick search for "PDF reader windows" shows that windows users have a choice.
Perhaps its is time to change "PDF warning" to "Adobe warning" next to links to PDF files like people now say "Windows virus" instead of "PC virus".
Damn, that reminds me - I keep forgetting to disable Java in Acrobat because I keep forgetting the idiots at Adobe did something as moronic as embedding a programming language in a document viewer program.
I'll patiently ask if someone can give me a sane reason why Acrobat should have Java scripting functionality? No seriously, I'm genuinely interested to know - I've probably overlooked something obvious.
Apart from the security issues, how does Acrobat Reader manage to go through major revisions without removing bugs which have been around for years?
I've lost count of the number of times Acrobat dies when trying to view pdfs using integrated browser (Firefox) support. There ought to be a script for killing all acroread32 processes and then reloading a page - it's something I have to do on an almost daily basis.
And later for older versions?
Gee, thanks Adobe, it's not like we weren't pissed off enough that we can't run Acrobat 9 already:
Yup, a major bug that *completely* stops Acrobat 9 from being usable on *any* computer in our network, and Adobe have been sitting on it for FOUR MONTHS.
That'll be PDF's blocked at the firewall then.
I'll second the "try Foxit" motion. I stumbled into it, like many handy things, via Stumbleupon when it was keeping me awake one night with the "just one more click" syndrome. It's hard to argue against it when Adobe's Reader takes up over 200mb space (why?!), takes aeons to open a PDF document and requires updates once or twice a month. I'd also be curious to know why they allow scripts in a document viewer....
"I'll patiently ask if someone can give me a sane reason why Acrobat should have Java scripting functionality? No seriously, I'm genuinely interested to know - I've probably overlooked something obvious."
Indeed. PDF means Postscript. Postscript already _is_ a general programming language.
that Adobe Reader went back to the basics of rendering PDFs? Or at least have a click box that enables such a mode and nothing else?
It is now such a nasty piece of bloatware, performing like a snail with a fricking wheel clamp, that I only use it if Foxit doesn't work properly.
There are even tools to make Reader faster (by disabling all the very-rarely used plugins). If somebody has written a tool it is because a lot of people want it. Adobe should take note.
Does adobe think its microsoft?
Therefore it could, and SHOULD, have been turned off by default at installation time.
I now standardized on XPS format. I think many will do the same after Windows7 will take over. It does not have any active code by design, signing it digitally is easy, and as it is part of Windows starting from Vista (can be installed on XP also from MS site), security updates will arrive via standard update channel. Goodbye, PDF.
Considering 99% of the pdf's out there shouldn't have any scripts running, how about having scripting off by default and a popup asking if you want to enable scripts for a particular document.
Or better yet keep pdf's passive documents and use a new extension for executable pdf's.
This post has been deleted by a moderator
Biting the hand that feeds IT © 1998–2022