PDF browser viewer alternative (gpdf)
ONE (alternative):
For browsers other than IE there is an alternative for what opens a PDF file in the browser, especially if you use Microsoft Windows. It is called gpdf. Here is the URL for it in Firefox where it is a seamless add-on:
https://addons.mozilla.org/en-US/firefox/addon/14814/
You are getting this tip courtesy of Stephen Northcutt at SANS. I have no idea who he got it from. All of us security people have been searching for this for quite a while. It is starting to resemble a search for the Holy Grail. I am still crossing my fingers hoping it will work because Foxit and the other alternatives I have looked at have all bombed. Here is the home for gpdf:
http://blog.arpitnext.com/gpdf
As you can see, it also plugs into Chrome and also has support for both Opera and Safari as a GreaseMonkey script. I have not installed it yet but I will and will eventually (by 2010-09-18 - I am swamped right now) have a short write up on the install experience at my blog:
http://SecureMecca.BlogSpot.com
In the blog I will point to a file that will also be included with the filters I provide for people under the GPLv2 license. The reason why is because this has been a critical problem for over a year now. I was going to add rules for this exploit but it is obviously just a trial run before the onslaught begins. So for now steer clear of PDF files until you have this fix put in place. I would also advise turning JavaScript off in Acrobat until you really need it. gpdf doesn't necessarily replace Acrobat. It just replaces it being used by the browser for PDF files. IOW, the install order is Acrobat first, then gpdf.
TWO (nix systems):
You people asking a journalist for clarification on how it works on 'nix systems are asking the wrong person. You need to ask a security professional. See the write up on it here:
http://preview.tinyurl.com/33l5haj
As you can see, it is the lack of sandboxing that allows it to start and that is about all. Thereafter it is Windows all the way. It really poses no threat to Unix-type systems. Most people using Linux are using Evince (evince) for their PDF viewer. Mac owners have a similar non-Adobe PDF viewer. Be careful on both Linux and Macintosh - you will need to reassociate what handles a PDF file manually. Normally you do not need Acrobat on these systems except to edit PDF form files so it will only be a problem if you install Acrobat and supplant the PDF viewer that is provided. Evince can be found by typing "which evince" in a terminal. Usually it is at /usr/bin/evince.
THREE (block PDF files?):
I actually have a rule in my PAC (Proxy Auto Configuration) filter that, if enabled, would stop the browser or anything else that uses Internet settings from loading PDF files for a short time:
// BadURL_WordEnds[i++] = "\.pdf";
That is rather drastic if you ask me. That is why it is commented out along with the exe rule. You defeat the rules by white-listing who you will allow to be excluded from the rules. I think you need the gpdf route and while you are at it, for Firefox add Better Privacy to contain the Flash cookie LSO threat. There are even three companies being sued over the abuse of using Flash cookies to track you. Actually, I would install Firefox just to get that support of Better Privacy to remove those Flash Cookies. It really is that good:
https://addons.mozilla.org/en-US/firefox/addon/6623
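
The PAC rule and white-list described under THREE can be sketched as follows. This is an added example, not the poster's actual filter: `GoodDomains`, `BLACKHOLE`, `isWhiteListed` and the sample hosts are assumptions, and only the array name `BadURL_WordEnds` comes from the post.

```javascript
// Added example (not the poster's filter). All hosts below are constructed.
var BLACKHOLE = "PROXY 127.0.0.1:0"; // assumed dead-end proxy: nothing listens there
var PASS = "DIRECT";

// White-list: these domains and their subdomains are excluded from the rules.
var GoodDomains = ["example.org", "intranet.example"];

// URL endings to refuse. Backslash is doubled so the dot stays literal in the RegExp.
var BadURL_WordEnds = [];
var i = 0;
BadURL_WordEnds[i++] = "\\.pdf";
// BadURL_WordEnds[i++] = "\\.exe";  // left disabled, like the exe rule in the post

// One case-insensitive pattern anchored at the end of the path.
var BadEndsRegex = new RegExp("(?:" + BadURL_WordEnds.join("|") + ")$", "i");

function isWhiteListed(host) {
  host = host.toLowerCase();
  for (var k = 0; k < GoodDomains.length; k++) {
    var d = GoodDomains[k];
    // Exact match or a real subdomain; "badexample.org" must not pass as "example.org".
    if (host === d || host.slice(-(d.length + 1)) === "." + d) return true;
  }
  return false;
}

// Entry point every PAC-aware client calls for each request.
function FindProxyForURL(url, host) {
  if (isWhiteListed(host)) return PASS;
  var path = url.split(/[?#]/)[0]; // ignore query string and fragment
  return BadEndsRegex.test(path) ? BLACKHOLE : PASS;
}
```

Current browsers commonly pass only the scheme and host of https:// URLs to the PAC script, so a path-based rule like this one mainly affects plain http:// requests.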