Thursday, August 13, 2009

PDF Users - lock down your 'free' reader

I've not yet figured out just why Adobe's PDF document structure needs JavaScript. It's a document, I read it, act or think on it, then close it! I don't need code handling ability within my document.

Perhaps someone in the know can enlighten me? Anyway . . .

For several weeks now there have been several viruses circulating that take advantage of a now-patched security hole in Adobe's PDF viewers, both the free and paid versions.

Patch your Adobe Reader
The first thing you should do is force a check for updates to your Adobe PDF viewer. Open Adobe Reader (7, 8 or 9) and click the menu item "Help, Check for Updates." Then click the small text saying "List Details."

Compare the left side of the list to the right side. Anything on the left side thats not listed on the right should be checked, and updated -- unless it's a Language Support update, that's optional.

If you are asked to reboot, do so.

Then check again . . . repeat until no new updates appear. At the end of this, you want to check your version and make sure it's at or higher than:

Reader 7: 7.1.3
Reader 8: 8.1.6
Reader 9: 9.1.3

Turn off JavaScript in Adobe Reader
Now that you've patched your Reader, I suggest you turn off the JavaScript feature entirely. You won't miss it . . . and it might help prevent trouble in the future.

Open Adobe Reader again . . .

Click the Edit menu item, select Preferences.

Find and click the entry on the left side for JavaScript, and click to clear the first check box labeled "Enable Acrobat JavaScript."

Be warned that earlier versions of the reader may prompt you to enable JavaScript every time you open a PDF document . . .

Click OK and close the Reader.


More info about this here:

Better yet, get rid of that bloated PDF viewer entirely!
Those interested in alternatives can Uninstall Adobe Reader and try the (free for personal use) Foxit Reader 3.0 instead. I recommend you decline the free toolbar they ask you to install, but other than that it's much faster than Adobe's product, and does not currently have the security vulnerabilities.