Security: March 2009 Archives
READING PDF'S LESS INSECURELY
A lot of stuff on the web (and elsewhere) is in PDF format.
Most of us simply use the free Acrobat Reader from Adobe.
In the past month (mid-February 2009), it's become clear this may pose a security risk.
According to this article on Download Squad (one of the first Google hits on "Acrobat bug"), "Because of the way Adobe integrates into Windows explorer - to provide metadata information about PDF files - there is a chance that your system could become infected without ever opening a single file...That includes something as simple as hovering your mouse over the file icon."
I.e., you don't have to even open or download the file to be at risk.
(FYI, one article I read said part of the problem is because of how Acrobat uses JavaScript in ways that don't benefit us users, but play a role in DRM and other content-owner-side things.)
According to Stephen Schenck, in Obsessable, "The bug affects only Windows computers running Acrobat version 7 or later."
Here's a YouTube video, from Schenck's article, showing the bug being exploited:
What should you (Windows users with Acrobat 7 or later) do?
- Update your computers as Adobe releases patches (which they've started to do, as of March 11). (UPDATE: According to Michael Kassner's IT Security blog in TechRepublic, Adobe has released updates -- here's Kassner's advice on installing and double-checking the patches, and additionally securing Firefox with the NoScript extension.)
- And here's a free Adobe Flash vulnerability scanner from HP
- Meanwhile/instead, uninstall Adobe Acrobat completely (some of the components install into Microsoft Windows Explorer, so simply not using Acrobat won't do the trick), and install an alternative PDF reading application.
I'm now using the free Foxit Reader. There are some minor user interface differences from Adobe Acrobat, but it works fine, and I'm happy with it.
AND WRITING PDF'S INEXPENSIVELY
During the past month, I've turned up two separate reasons to be able to not just read, but also write -- create PDF files:
- Saving copies of my articles from the web sites they appear on, for my "clips" (samples), in case the original becomes unavailable (e.g., the publication's site closes or changes, or the article is too old for them to keep it available). I've been simply saving these as web pages, but often these saves don't rebuild exactly, or sometimes don't work at all. And here I don't care about a "live" web page; I'm looking for a copy that's the equivalent of having torn/copied a page from a magazine: "here's what actually appeared."
- On a separate note, as I do more to promote my Dern Grim Bedtime Tales, I'm making up promotional handouts and other things, and want to provide a single document made from a bunch of Word files... and would rather not provide it as a Word file, in any case.
Again, legitimately-free software to the rescue; here, CutePDF Writer. This installs as an option in PRINT submenus, e.g., on Firefox and Microsoft Word.
So far, CutePDF Writer has been working fine, and doing what I'm looking for.
So: Foxit Reader and CutePDF Writer, both recommended. I'm sure there are other equally good free solutions... and I know that both these tools have a lot of features I haven't explored or put to use yet.
