Author Topic: Adobe Reader vulnerability (Read 3783 times)

ednsandy · « **on:** March 03, 2009, 12:52:32 AM »

Does an updated data base and Avast program catch these problems if an infected .pdf file is scanned before opening?

DavidR · « **Reply #1 on:** March 03, 2009, 01:39:46 AM »

The vulnerability is in the reader being exploited and not so much the .pdf files so you should always ensure that acrobat is fully up to date, though I gave up on it some time ago. It doesn't seem like very long from when one hole is closed up than another is discovered.

Lisandro · « **Reply #2 on:** March 03, 2009, 01:43:26 AM »

Also, set opened files to be scanned (the default) in the Standard Shield settings.

Avastfan1 · « **Reply #3 on:** March 03, 2009, 09:16:10 AM »

There is a simple yet 100% effective security update for Adobe Reader:

http://mirrors.foxitsoftware.com/pub/foxit/reader/desktop/win/3.x/3.0/enu/FoxitReader30_enu_Setup.exe

Faster, much more secure and a lot more stable as a program.

Enjoy!

DavidR · « **Reply #4 on:** March 03, 2009, 03:42:53 PM »

I don't know about much more secure, that isn't proven.

However, it certainly isn't such a big target as acrobat PDF reader is the virtual default industry standard PDF reader, so exploiting that is much more productive. That said I have been using foxitreader for a considerable time as it is no bloated monster that acrobat has become.

Alan Baxter · « **Reply #5 on:** March 03, 2009, 06:53:14 PM »

Thank you for the Foxit Reader recommendation, David. I'll use that instead of Adobe and see how it goes. There are no Secunia security advisories for it, i.e. if there are any vulnerabilities, they haven't been reported. I disabled JavaScript in Foxit's preferences, just in case there's ever an exploit that takes advantage of that.

polonus · « **Reply #6 on:** March 03, 2009, 07:28:04 PM »

Hi DavidR,

Proven, proven: http://forums.foxitsoftware.com/showthread.php?p=28255
And that is also a reassuring thought for Alan Baxter.

The matter with Open Software is that when the cat is out of the bag, it is. When it is not we know about it at the same time it is found up.
With Closed Software when the cat is out of the bag we know it, but we do not know how long it was out of the bag before we knew of that fact. That is the big difference between Adobe and FoxitReader, no security through obscurity,

polonus

DavidR · « **Reply #7 on:** March 03, 2009, 08:44:21 PM »

Sorry but I wouldn't call that total proof, but one area dealing with one exploit assuming that the user has also downloaded the JBIG2 decoder, which wasn't installed by default on my version and presumably others.

As you may be gathering, I'm a trusting sod, not

polonus · « **Reply #8 on:** March 03, 2009, 09:05:23 PM »

Hi DavidR,

That is why I am always trying to go to the bottom of it, just for that vital bit of information. In my Foxit version I have that dll running...

"Trust nothing and no one" always has been a good guideline in what we are trying to do here. There are two things with Windows and third party software - do not take anything for granted. And I know you aren't Alice in Wonderland nor the Easter Bunny, right?

pol

Author Topic: Adobe Reader vulnerability (Read 3783 times)

ednsandy

Adobe Reader vulnerability

DavidR

Re: Adobe Reader vulnerability

Lisandro

Re: Adobe Reader vulnerability

Avastfan1

Re: Adobe Reader vulnerability

DavidR

Re: Adobe Reader vulnerability

Alan Baxter

Re: Adobe Reader vulnerability

polonus

Re: Adobe Reader vulnerability

DavidR

Re: Adobe Reader vulnerability

polonus

Re: Adobe Reader vulnerability