Saturday, February 13, 2010

PDF Vulnerabilities, Adobe, Critical Updates and YOU

For some time I've dreaded going through the update process for Adobe Reader and Acrobat. Let's face it; the process is painful and can take a long time if you don't have super-high-speed broadband.

But in the last year being current on Adobe patches has become as important as being current on Windows patches.

Last month we saw an explosion of exploits that entered the victims machine via malformed PDF files. Adobe patched Acrobat and Reader versions 8.x and 9.x to close that exploitable vulnerability in the middle of January.

Now it's one month later and we have a new vulnerability that's already being actively exploited by malware distributors. Adobe will be releasing another new update to block it this coming Tuesday, Feb 16th.

As painful as it is, if you accept PDF's via email or view PDF's on the Internet via any browser - you need to be completely up to date to protect yourself.

If you've been letting Adobe's auto-updater run and accepting updates when it offers them - the pain won't be too bad. If you turned it off in the past, or have ignored the update requests - then you've got up to an hour or so of updates to get through. I suggest you start now, then check again Tuesday night or Wednesday morning for the new patch when it's released.

Here's the painful part if you're behind:

1) If you are running any version older than 8.x, you need to upgrade NOW to 9.x. Get thee to and download the newest Reader. (On a side note, while you are there, update your Adobe Flash and Shockwave plug-ins for your browser too!) If you bought and use Acrobat 5, 6 or 7 -- it's time to bite the bullet and get the newest version. Remove that old version completely . . . seriously. However there are alternatives that are more affordable. (See the list at the bottom of this post.) If this is you, be sure to completely UN-install the older version first, and reboot even if you are not asked before installing the new version.

2) Open Reader and click the Help, Check for Updates option. (If you're running Vista or Windows 7 you need to right click the Reader icon and "Run as Administrator" first.)

3) Allow the update to download and install. Reboot if asked, no need if not asked.

4) Repeat from #2 until you finally get the message that there are no new updates.

5) If you have Acrobat, repeat the entire process for that as well.

I just did this to a new clients old machine -- it took about an hour to download and install ALL the updates to bring his copy of Acrobat 8.0 completely up to date. It required two reboots. It required several iterations of steps 2 through 4.

My rant: Why can't Adobe provide roll-up updates that would bring any version of 8.x or 9.x completely up to date with one download and install cycle!? I mean jeez, join the 21st century already would you Adobe?

Now: if you have an ancient version of Acrobat, you should know that there is no need to pay Adobe 450 bucks or more to get the ability to create or edit PDF files. Gone are the days of their monopoly on the format. Here are some alternatives that range from free to "less expensive than Adobe" depending on your usage requirements.

If you need to create (but not directly edit) PDF's from any program you can use that programs Print To function using the excellent and free CutePDF Writer. It installs and behaves like a printer, but instead of paper it "prints" to a PDF file in your Documents folder.

If you own Office 2007, and you need to create PDF's only from Office programs, then you can download and install the free Microsoft Office 2007 Save as PDF or XPS add on directly from Microsoft's download site.

If you need to edit, merge, create forms and just about any other creative task relating to PDF's I suggest either CutePDF Professional or the new "Foxit Phantom PDF Suite". They both include page sizes for all professional fields, load very quickly compared to Adobe Acrobat Professional, and do not (yet) have the security problems plaguing Adobe products. (That may change if they become a big enough target.)

And of course, you could always get the latest version of Adobe Acrobat.

Compare features and price, do your research, and decide.

No comments:

Post a Comment

Comments are welcome but moderated to prevent spam links. I usually check them at least once a day in the evenings - so please be patient with me if your comment does not appear quickly.

Thank you.